  • 1. Deng, Ming
    et al.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Kursawe, Klaus
    Personal rights management: Taming camera-phones for individual privacy enforcement. 2006. In: Privacy Enhancing Technologies, Springer, 2006, p. 172-189. Conference paper (Refereed)
    Abstract [en]

    With ubiquitous use of digital camera devices, especially in mobile phones, privacy is no longer threatened by governments and companies only. The new technology creates a new threat by ordinary people, who could take and distribute pictures of an individual with no risk and little cost in any situation in public or private spaces. Fast distribution via web based photo albums, online communities and web pages expose an individual's private life to the public. Social and legal measures are increasingly taken to deal with this problem, but they are hard to enforce in practice. In this paper, we proposed a model for privacy infrastructures aiming for the distribution channel such that as soon as the picture is publicly available, the exposed individual has a chance to find it and take proper action in the first place. The implementation issues of the proposed protocol are discussed. Digital rights management techniques are applied in our proposed infrastructure, and data identification techniques such as digital watermarking and robust perceptual hashing are proposed to enhance the distributed content identification.

  • 2.
    Fischer-Hübner, Simone
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Herold, Sebastian
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Alfredsson, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Albin, Zuccato
    ATEA Sverige AB, Stockholm, Sweden.
    A MOOC on Privacy by Design and the GDPR. 2018. In: Information Security Education: Towards a Cybersecure Society / [ed] Lynette Drevin, Marianthi Theocharidou, Cham, Switzerland: Springer, 2018, p. 95-107. Conference paper (Refereed)
    Abstract [en]

    In this paper we describe how we designed a massive open online course (MOOC) on Privacy by Design with a focus on how to achieve compliance with the EU GDPR principles and requirements in IT engineering and management. This MOOC aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The MOOC is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the GDPR that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant MOOC on privacy by design and the GDPR aimed at a heterogeneous audience.

  • 3.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Comments on ”The grant life cycle – a researcher’s handbook”. 2017. Report (Other academic)
    Abstract [en]

    The grant proposing introduction tutorial for young researchers is undergoing revision at Karlstad University. The Grants and Innovation Office (GIO) has requested suggestions for improvements from researchers. This document is a review of the existing document, including suggestions, critique and recommendations for complementary information in support of the GIO presentation at the Computer Science Department on March 29, 2017.

  • 4.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    How Big Data Helps SDN with data Protection and Privacy. 2018. In: Big Data and Software Defined Networks / [ed] Javid Taheri, London, UK: The Institution for Engineering and Technology (IET), 2018, p. 339-351. Chapter in book (Refereed)
  • 5.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Partial commitment – "Try before you buy" and "Buyer’s remorse" for personal data in Big Data & Machine learning. 2017. In: Trust Management XI: 11th IFIP WG 11.11 International Conference, IFIPTM 2017, Gothenburg, Sweden, June 12-16, 2017, Proceedings / [ed] Jan-Phillip Steghöfer, Babak Esfandiari, Cham, Switzerland: Springer, 2017, Vol. 505, p. 3-11. Conference paper (Refereed)
    Abstract [en]

    The concept of partial commitment is discussed in the context of personal privacy management in data science. Uncommitted, promiscuous or partially committed user’s data may either have a negative impact on model or data quality, or it may impose higher privacy compliance cost on data service providers. Many Big Data (BD) and Machine Learning (ML) scenarios involve the collection and processing of large volumes of person-related data. Data is gathered about many individuals as well as about many parameters in individuals. ML and BD both spend considerable resources on model building, learning, and data handling. It is therefore important to any BD/ML system that the input data trained and processed is of high quality, represents the use case, and is legally processed in the system. Additional cost is imposed by data protection regulation with transparency, revocation and correction rights for data subjects. Data subjects may, for several reasons, only partially accept a privacy policy, and choose to opt out, request data deletion or revoke their consent for data processing. This article discusses the concept of partial commitment and its possible applications from both the data subject and the data controller perspective in Big Data and Machine Learning.

  • 6.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Privacy dark patterns in identity management. 2017. In: Open Identity Summit 2017: Proceedings / [ed] Lothar Fritsch, Heiko Roßnagel, Detlef Hühnlein, Bonn: Gesellschaft für Informatik, 2017, p. 93-104. Conference paper (Refereed)
    Abstract [en]

    This article presents three privacy dark patterns observed in identity management. Dark patterns are software design patterns that intentionally violate requirements, in the given case privacy requirements for identity management. First, the theoretical background is presented, and then next, the observed patterns are documented, described and formalized. The resulting dark patterns show how security is used as obfuscation of data collection, how the seemingly harmless collection of additional data is advertised to end users, and how the use of anonymization technology is actively discouraged by service providers.

  • 7. Fritsch, Lothar
    Security and privacy engineering for corporate use of social community platforms. 2011. In: INFORMATIK 2011 - Informatik schafft Communities - 41. Jahrestagung der Gesellschaft für Informatik e.V. / [ed] H.-U. Heiß, P. Pepper, S. Holger et al., Gesellschaft für Informatik, 2011. Conference paper (Refereed)
  • 8.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Summary of the 2nd 7DAV008 Peer Review PhD course deployment, 28-September-2017: Technical report LOF2017-3. 2017. Report (Other (popular science, discussion, etc.))
    Abstract [en]

    The course is intended to teach 1st-year doctoral students about peer reviewing as part of the scientific production cycle. As preparation for the course, the students receive a reading list with articles covering various aspects of peer review. Students then have to select one article they will summarize in a 10-minute presentation for the seminar group. Another student will complement as a respondent with a 5-minute slot for presentation.

    A half-day seminar is then held where the students will present and discuss their reviewed articles. This is followed up with a session on various professional and ethical issues to consider when acting as a reviewer. A following session shows and discusses examples of review reports, with possible contributions of student-received reviews. Finally, the course introduces Easychair, a platform for managing peer reviews. Following the seminar course, the students have to perform five peer reviews in collaboration with and instruction from their supervisors. The course will be completed when the seminar and five reviews are completed.

  • 9.
    Fritsch, Lothar
    Norsk Regnesentral.
    The Clean Privacy Ecosystem of the Future Internet. 2013. In: Future Internet, ISSN 1999-5903, E-ISSN 1999-5903, Vol. 5, no 1, p. 34-45. Article in journal (Refereed)
    Abstract [en]

    This article speculates on the future of privacy and electronic identities on the Internet. Based on a short review of security models and the development of privacy-enhancing technology, privacy and electronic identities will be discussed as parts of a larger context—an ecosystem of personal information and electronic identities. The article argues for an ecosystem view of personal information and electronic identities, as both personal information and identity information are basic required input for many applications. Therefore, for both application owners and users, a functioning ecosystem of personal information and electronic identification is important. For the future of the Internet, high-quality information and controlled circulation of such information is therefore argued as decisive for the value of future Internet applications.

  • 10.
    Fritsch, Lothar
    Norsk Regnesentral.
    Trust and Privacy in the Internet of Things in the User’s View - Keynote talk on "Future Trends and Challenges" track. 2012. In: Chip-to-Cloud Security Forum 2012, Nice, France, 2012. Conference paper (Refereed)
  • 11.
    Fritsch, Lothar
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Applications of Privacy and Security Research in the Upcoming Battlefield of Things. 2018. In: Proceedings of the 17th European Conference on Cyber Warfare and Security / [ed] Audun Jøsang, Reading: Academic Conferences and Publishing International Limited, 2018. Conference paper (Refereed)
    Abstract [en]

    This article presents the results of a trend scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. We sketch the expected digital warfare and defence environment as a “battlefield of things” where connected objects, connected soldiers and automated and autonomous sensing and acting systems are core elements. Based on this scenario, we discuss current research in information security and information privacy and their relevance and applicability for the future scenario.

  • 12.
    Fritsch, Lothar
    et al.
    Norsk Regnesentral.
    Fuglerud, Kristin Skeide
    Solheim, Ivar
    Towards Inclusive Identity Management: 1st IDIS workshop 2008. 2010. In: Identity in the Information Society, ISSN 1876-0678, E-ISSN 1876-0678, Vol. 3, no 3, p. 515-538. Article in journal (Refereed)
    Abstract [en]

    The article argues for a shift of perspective in identity management (IDM) research and development. Accessibility and usability issues affect identity management to such an extent that they demand a reframing and reformulation of basic designs and requirements of modern identity management systems. The rationale for the traditional design of identity management systems and mechanisms has been security concerns as defined in the field of security engineering. By default the highest security level has been recommended and implemented, often without taking end-user needs and accessibility issues into serious consideration. The article provides a conceptual framework for inclusive IDM, a brief overview of the regulatory status of inclusive IDM and a taxonomy of inclusive identity management methods. Several widespread IDM approaches, methods and techniques are analyzed and discussed from the perspective of inclusive design. Several important challenges are identified and some ideas for solutions addressing the challenges are proposed and discussed.

  • 13.
    Fritsch, Lothar
    et al.
    Norsk Regnesentral Norwegian Comp Ctr, NO-0373 Oslo, Norway.
    Groven, Arne-Kristian
    Norsk Regnesentral Norwegian Comp Ctr, NO-0373 Oslo, Norway.
    Schulz, Trenton
    Norsk Regnesentral Norwegian Comp Ctr, NO-0373 Oslo, Norway.
    On the Internet of Things, Trust is Relative. 2012. In: CONSTRUCTING AMBIENT INTELLIGENCE, Springer Berlin/Heidelberg, 2012, p. 267-273. Conference paper (Refereed)
    Abstract [en]

    End-users on the Internet of Things (IoT) will encounter many different devices and services; they will need to decide whether or not they can trust these devices and services with their information. We identify three items of trust information that end-users will need to determine if they should trust something on the IoT. We create a taxonomy of the likely scenarios end-users will encounter on the IoT and present five trust strategies for obtaining this trust information. Upon applying these strategies to our scenarios, we find that there is no strategy that can work efficiently and effectively in every situation; end-users will need to apply the strategy that best fits their current situation. Offering multiple trust strategies in parallel and having this information transparent to end-users will ensure a sustainable IoT.

  • 14.
    Fritsch, Lothar
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Groven, Arne-Kristian
    Norwegian Comp Ctr, Oslo, Norway.
    Strand, Lars
    Norwegian Comp Ctr, Oslo, Norway.
    A holistic approach to Open-Source VoIP security: Preliminary results from the EUX2010sec project. 2009. In: Networks, 2009. ICN '09. Eighth International Conference on / [ed] Robert Bestak, Laurent George, Vladimir S. Zaborovsky, Cosmin Dini, IEEE, 2009, p. 275-280. Conference paper (Refereed)
    Abstract [en]

    This paper describes the approach and preliminary results from the research project EUX2010sec. The project works closely with Voice-over-IP (VoIP) companies and users. It aims at providing better security of open source VoIP installations. The work towards this goal is organized by gathering researchers and practitioners around several scientific activities that range from security modeling and verification up to testbed testing. The expected outcomes of the project are a solid scientific and practical understanding of the security options for setting up VoIP infrastructures, particular guidance on secure, typical setups of such infrastructures. The project's special focus is on producing results relevant to the practitioners in the project, aiming at the stimulation of innovation and the provision of highest quality in open-source based VoIP products and services.

  • 15.
    Fritsch, Lothar
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Momen, Nurul
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Derived Partial Identities Generated from App Permissions. 2017. In: Open Identity Summit 2017: Proceedings / [ed] Lothar Fritsch, Heiko Roßnagel, Detlef Hühnlein, Bonn: Gesellschaft für Informatik, 2017. Conference paper (Refereed)
    Abstract [en]

    This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.

  • 16.
    Fritsch, Lothar
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Roßnagel, Heiko
    Fraunhofer IAO, Fraunhofer Gesellschaft, Stuttgart.
    Hühnlein, Detlef
    ECSEC GmbH.
    Open Identity Summit 2017: Proceedings. 2017. Conference proceedings (editor) (Refereed)
  • 17.
    Fritsch, Lothar
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Tjostheim, Ingvar
    Norsk Regnesentral.
    Kitkowska, Agnieszka
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    I’m Not That Old Yet! The Elderly and Us in HCI and Assistive Technology. 2018. In: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018, Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth, 2018. Conference paper (Other academic)
    Abstract [en]

    Recent HCI research in information security and privacy focuses on the Elderly. It aims at the provision of inclusive, Elderly-friendly interfaces for security and data protection features. Much attention is put on care situations where the image of the Elderly is that of sick or disabled persons not mastering contemporary information technology. That population is however a fraction of the group called the Elderly. In this position paper, we argue that the Elderly are a very diverse population. We discuss issues rising from researchers and software architects’ misconception of the Elderly as technology-illiterate and unable. We suggest a more nuanced approach that includes changing personal abilities over the course of life.

  • 18.
    Josang, Audun
    et al.
    Univ Oslo, UNIK Univ Grad Ctr, N-0316 Oslo, Norway.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Mahler, Tobias
    Privacy Policy Referencing. 2010. In: Trust, Privacy and Security in Digital Business: 7th International Conference, TrustBus 2010, Bilbao, Spain, August 30-31, 2010. Proceedings / [ed] Katsikas, S., Lopez, J. & Soriano, M., Springer, 2010, p. 129-140. Conference paper (Refereed)
    Abstract [en]

    Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity and openness to 3rd party access. Currently, servers are connected to the Internet, where a large amount of personal information is continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though there are rather strict data protection laws in an increasing number of countries, it is in practice rather challenging to ensure an adequate protection for personal data that is communicated on-line. The enforcement of privacy legislation and policies therefore might require a technological basis, which is integrated with adequate amendments to the legal framework. This article describes a new approach called Privacy Policy Referencing, and outlines the technical and the complementary legal framework that needs to be established to support it.

  • 19. Kohlweiss, Markulf
    et al.
    Faust, Sebastian
    Fritsch, Lothar
    Norsk Regnesentral.
    Gedrojc, Bartek
    Preneel, Bart
    Efficient oblivious augmented maps: Location-based services with a payment broker. 2007. In: PRIVACY ENHANCING TECHNOLOGIES, Katholieke Univ Leuven, ESAT, COSIC, B-3001 Louvain, Belgium, 2007, p. 77-94. Conference paper (Refereed)
    Abstract [en]

    Secure processing of location data in location-based services (LBS) can be implemented with cryptographic protocols. We propose a protocol based on oblivious transfer and homomorphic encryption. Its properties are the avoidance of personal information on the services side, and a fair revenue distribution scheme. We discuss this in contrast to other LBS solutions that seek to anonymize information as well as possible towards the services. For this purpose, we introduce a proxy party. The proxy interacts with multiple services and collects money from subscribing users. Later on, the proxy distributes the collected payment to the services based on the number of subscriptions to each service. Neither the proxy nor the services learn the exact relation between users and the services they are subscribed to.

  • 20. Kohlweiss, Markulf
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Privatsphäre trotz intelligenter Zähler. 2012. In: digma - Zeitschrift für Datenrecht und Informationssicherheit, ISSN 1424-9944, Vol. 12, no 1, p. 22-26. Article in journal (Refereed)
  • 21. Konig, Wolfgang
    et al.
    Fritsch, Lothar
    Goethe University.
    Innovation promotion in the public environment through Public private partnerships -: The example of satellite navigation. 2007. In: Wirtschaftsinformatik, ISSN 0937-6429, E-ISSN 1861-8936, Vol. 49, no 2, p. 77-79. Article in journal (Other academic)
  • 22.
    Lehmann, Anja
    et al.
    IBM Research, Zurich.
    Whitehouse, Diane
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Raab, Charles
    University of Edinburgh.
    Privacy and Identity Management. Facing up to Next Steps: 11th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Karlstad, Sweden, August 21-26, 2016, Revised Selected Papers. 2017. Conference proceedings (editor) (Refereed)
  • 23.
    Lenhard, Jörg
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Herold, Sebastian
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    A Literature Study on Privacy Patterns Research. 2017. In: SEAA 2017 - 43rd Euromicro Conference Series on Software Engineering and Advanced Applications, IEEE, 2017, p. 194-200. Conference paper (Refereed)
    Abstract [en]

    Context: Facing the implementation of the EU General Data Protection Regulation in May 2018, many commercial software providers will soon need to adapt their products to new privacy-related constraints. Privacy patterns defined for different aspects of the software engineering process promise to be a useful concept for this task. In this situation, it seems valuable to characterize the state of the research related to privacy patterns. Objective: To identify, characterize and classify the contributions made by published research results related to patterns in the context of considering privacy concerns in engineering software. Method: A literature review in form of a mapping study of scientific articles was performed. The resulting map structures the relevant body of work into multiple dimensions, illustrating research focuses and gaps. Results: Results show that empirical evidence in this field is scarce and that holistic approaches to engineering privacy into software based on patterns are lacking. This potentially hinders industrial adoption. Conclusion: Based on these results, we recommend to empirically validate existing privacy patterns, to consolidate them in pattern catalogues and languages, and to move towards seamless approaches from engineering privacy requirements to implementation.

  • 24.
    Momen, Nurul
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    How much Privilege does an App Need? Investigating Resource Usage of Android Apps. 2017. In: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings), IEEE, 2017. Conference paper (Refereed)
    Abstract [en]

    Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the user’s initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision-making and finer access control mechanisms.

  • 25. Paintsil, Ebenezer
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    A Taxonomy of Privacy and Security Risks Contributing Factors. 2011. In: IFIP Advances in Information and Communication Technology, ISSN 1868-4238, Vol. 352, p. 52-63. Article in journal (Refereed)
  • 26.
    Paintsil, Ebenezer
    et al.
    Norwegian Comp Ctr, Dept Appl Res, ICT, Oslo, Norway.
    Fritsch, Lothar
    Norwegian Comp Ctr, Dept Appl Res, ICT, Oslo, Norway.
    A Taxonomy of Privacy and Security Risks Contributing Factors. 2011. In: PRIVACY AND IDENTITY MANAGEMENT FOR LIFE, Springer, 2011, p. 52-63. Conference paper (Refereed)
    Abstract [en]

    Identity management system(s) (IDMS) do rely on tokens in order to function. Tokens can contribute to privacy or security risk in IDMS. Specifically, the characteristics of tokens contribute greatly to security and privacy risks in IDMS. Our understanding of how the characteristics of token contribute to privacy and security risks will help us manage the privacy and security risks in IDMS. In this article, we introduce a taxonomy of privacy and security risks contributing factors to improve our understanding of how tokens affect privacy and security in IDMS. The taxonomy is based on a survey of IDMS articles. We observed that our taxonomy can form the basis for a risk assessment model.

  • 27. Paintsil, Ebenezer
    et al.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Executable Model-Based Risk Analysis Method for Identity Management Systems: Using Hierarchical Colored Petri Nets Executable Model-Based Risk Assessment Method for Identity Management Systems. 2013. In: Trust, Privacy, and Security in Digital Business: 10th International Conference, TrustBus 2013, Prague, Czech Republic, August 28-29, 2013. Proceedings / [ed] Furnell, S., Lambrinoudakis, C. & Lopez, J., Springer, 2013, p. 48-61. Conference paper (Refereed)
    Abstract [en]

    Model-based risk analysis methods use graphical models to facilitate participation, risk communication and documentation and thereby improve the risk analysis process. Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on time consuming and expensive manual inspections and lack graphical models. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of addressing these challenges. The EM-BRAM employs graphical models to enhance risk analysis in IDMSs. It identifies risk contributing factors for IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system’s risk using CPNs’ state space analysis and queries. Currently, risk assessment methods for identity management systems (IDMSs) are lacking. This makes it difficult to compare IDMSs based on how they enhance privacy and security of system stakeholders. This article proposes the executable model-based risk assessment method (EM-BRAM) with the aim of addressing this challenge. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then estimates or verifies the system’s security and privacy risks using CPNs’ state space analysis and queries.

  • 28. Paintsil, Ebenezer
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Taxonomy of Privacy and Security Risks Contributing Factors. 2011. In: Privacy and Identity Management for Life. 6th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/PrimeLife International Summer School, Helsingborg, Sweden, August 2-6, 2010, Revised Selected Papers, Springer, 2011. Conference paper (Refereed)
  • 29. Paintsil, Ebenezer
    et al.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Towards Legal Privacy Risk Assessment Automation in Social Media. 2011. In: INFORMATIK 2011 - Informatik schafft Communities / [ed] Heiß, H., Pepper, P., Schlingloff, H. & Schneider, J., Gesellschaft für Informatik, 2011. Conference paper (Refereed)
  • 30. Røssvoll, Till Halbach
    et al.
    Norsk Regnesentral.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Reducing the User Burden of Identity Management: A Prototype Based Case Study for a Social-Media Payment Application Trustworthy and Inclusive Identity Management for Applications in Social Media. 2013. In: ACHI 2013, The Sixth International Conference on Advances in Computer-Human Interactions, International Academy, Research and Industry Association (IARIA), 2013. Conference paper (Refereed)
    Abstract [en]

    We describe a prototype for inclusive and secure identity management regarding a bill sharing application in social media. Beginning with the principles of universal design, and involving groups of users with impairments, we designed a set of alternative authentication methods based on OpenID. This work explains the scenario and the particularities of designing a trust, security, and privacy infrastructure with a high degree of usability for diverse user groups, and which is aligned with the requirements from regulatory frameworks. The user trials show that several authentication alternatives in multiple modalities are welcomed by impaired users, but many have restrictions when it comes to payments in the context of social media.

  • 31. Scherner, Tobias
    et al.
    Goethe University.
    Fritsch, Lothar
    Goethe University.
    Technology Assurance. 2011. In: Digital Privacy: Final report of the PRIME project / [ed] Camenisch, Jan; Leenes, Ronald; Sommer, Dieter, Heidelberg: Springer Berlin/Heidelberg, 2011. Chapter in book (Refereed)
    Abstract [en]

    This chapter documents the experiences of assurance evaluation during the early stage of a large software development project. The PRIME project researches, contracts and integrates privacy-respecting software to business environments. There exist several approaches to ensure the quality of secure software. Some of these approaches have the focus of quality assurance at a very early stage of the development process and have weaknesses to ensure the quality of this process until the product is ready to enter the market. Other approaches, like the CC, focus on inspection, or more concrete evaluation, of ready-to-market products.

  • 32. Schulz, Trenton
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Accessibility and Inclusion Requirements for Future e-Identity Solutions. 2014. In: Computers Helping People with Special Needs: Proceedings of the 14th International Conference, ICCHP 2014, Paris, France, July 9-11, 2014, Springer, 2014, p. 316-323. Conference paper (Refereed)
    Abstract [en]

    Future e-identity services will need to be accessible for people with different types of abilities. We review current sets of accessibility guidelines and standards, current assistive technology, and current e-identity technology to determine accessibility and inclusion requirements for a future e-identity solution. For our project, we found that the area we could influence the most was the development of user interface for the client for e-identity and focused on these areas with the assumption that users would have access to inclusive cards and card readers. The requirements are divided into content and presentation, control and operation, legal requirements, testing, and help and support. We also provide possible areas for future research.

  • 33. Schulz, Trenton
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Identifying Trust Strategies in the Internet of Things. 2013. In: Proceedings of the User-Centered Trust in Interactive Systems Workshop: a Workshop from NordiCHI 2012: TRUST, Norsk Regnesentral, 2013, Vol. 1028, p. 19-25. Conference paper (Refereed)
  • 34. Schulz, Trenton
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Schlehahn, Eva
    Hansen, Marit
    Zwingelberg, Harald
    Identifying Trust Strategies in the Internet of Things FutureID Deliverable D22.7 Accessibility and Inclusion Requirements. 2013. Report (Refereed)
    Abstract [en]

    Users in the Internet of Things (IoT) use strategies to determine if they should trust a system or service. These strategies are not actively declared, but it can be useful to know which strategy is being used. We provide possible actions that users may perform when using different trust strategies and possible ways these can be captured for user studies. This document defines the accessibility and inclusion requirements to be taken into account when developing the different prototypes in the FutureID project. It also serves as a background document in informing project partners about different aspects of accessibility when dealing with ICT. This includes looking at definitions, different types of users, assistive technology, and other existing work in the field. Legal requirements, including storing of personal information for making systems accessible, are also covered. The document includes the accessibility and inclusion requirements for both developing and testing the client.

  • 35. Schulz, Trenton
    et al.
    Norsk Regnesentral.
    Fritsch, Lothar
    Norsk Regnesentral.
    Solheim, Ivar
    Norsk Regnesentral.
    Tjøstheim, Ingvar
    Norsk Regnesentral.
    Petró, Dániel
    Arfwedson, Henrik
    Back, Niklas
    uTRUSTit: Deliverable D2.2 Definition of User Scenarios. 2011. Report (Refereed)
    Abstract [en]

    We present scenarios in the three domains of smart home, smart office, and e-voting. The smart home consists of five scenarios; the smart office includes nine scenarios; e-voting has five scenarios. These scenarios cover a variety of situations that people may encounter in their everyday life and help to illustrate the trust issues that can show up when working with the Internet of Things (IoT). The scenarios form a foundation for many of the tasks and activities in the other work packages since the scenarios capture the functionality that we will work on. We also include a list of potential devices that may be used to realize these scenarios.

  • 36. Tjostheim, Ingvar
    et al.
    Norsk Regnesentral.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Similar Information Privacy Behavior in 60-65s vs. 50-59ers - Findings From A European Survey on The Elderly. 2018. In: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018; September 3, 2018, Barcelona, Spain, Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth, 2018. Conference paper (Other academic)
    Abstract [en]

    In this article, we present findings from a European survey with 10 countries on the subject sharing of personal information and concerns of the citizens. We compare the age group 60-65 years old with the age group 50-59, and in addition compare the Nordic region with the non-nordic population. There are more similarities than differences. The survey indicates that many of the elderly 60-65 take steps to protect their personal data.

  • 37. Tjøstheim, Ingvar
    et al.
    Norsk Regnesentral.
    Leister, Wolfgang
    Norsk Regnesentral.
    Mork, Heidi
    Norsk Regnesentral.
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Research Directions for Studying Users’ Privacy Awareness. 2016. Report (Other academic)
    Abstract [en]

    In this document, we present a set of research questions on how to evoke reflection about sharing of personal data and privacy. We look into analytical approaches to understand the phenomenon of people’s privacy behaviour and into synthetical approaches to let the user practise privacy skills to increase awareness using visualisation and simulation technologies in scenarios of relevance to the user. We also review potential risks to security, privacy, anonymity, and other assets and the use of information in social media, for advertisement and commercial activities.

  • 38. Zibuschka, Jan
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    A hybrid approach for highly available & secure storage of pseudo-SSO credentials. 2012. In: Secure IT Systems: 17th Nordic Conference, NordSec 2012, Karlskrona, Sweden, October 31 – November 2, 2012. Proceedings, Springer, 2012, p. 169-183. Conference paper (Refereed)
    Abstract [en]

    Abstract: We present a novel approach for password/credential storage in Pseudo-SSO scenarios based on a hybrid password hashing/password syncing approach that is directly applicable to the contemporary Web. The approach supports passwords without requiring modification of the server side and thus is immediately useful; however, it may still prove useful for storing more advanced credentials in future SSO and identity management scenarios, and offers a high level of security. Keywords. Single sign-on, authentication, syncing, hashing.

  • 39. Zibuschka, Jan
    et al.
    Goethe University.
    Fritsch, Lothar
    Goethe University.
    Radmacher, Mike
    Goethe University.
    Scherner, Tobias
    Goethe University.
    Rannenberg, Kai
    Goethe University.
    Enabling privacy of real-life LBS: A platform for flexible mobile service provisioning. 2007. In: New Approaches for Security, Privacy and Trust in Complex Environments, Springer, 2007, p. 325-336. Conference paper (Refereed)
    Abstract [en]

    Privacy in computerized environments is perceived very differently depending on the respective point of view. Often "privacy enhancing technologies" - initiated by the user, as a measure of self-defense - are seen as conflicting with business goals such as cost-efficiency, revenue assurance, and options for further business development based on existing data. This paper presents the design and implementation of an architecture and prototype for privacy-friendly, interoperable location-based services (LBS), based on intermediation of location data via a location middleware component. The aim is to combine privacy-friendliness, efficiency, and market potential. Therefore the security interests of the stakeholders are analyzed and an architecture solution including an intermediary is introduced. Then the prototype implementation (at a mobile operator) is described and the usage of the prototype for a commercial service and product offer by the operator involved in the development is discussed.
