New services for the Information Society are appearing
at an ever faster rate. From location-based services for roaming
users or cars to RFID, from digital rights management to intrusion
detection systems, from electronic payments to data mining and
warehousing, an amazing plethora of new technologies are being
launched and justified with the argument of increasing the security
and the satisfaction of consumers. While more efficient and secure
transactions may indeed benefit the consumers, corporate profits
are too often the only driving force behind the development of
those new technologies. Not surprisingly then, transaction security
tends to emphasize corporate security more than consumer security.
Worse yet, transaction privacy, which is basically a consumer requirement,
tends to be given low priority, if considered at all.
The starting hypothesis of E-AEGIS is that public research funds
should be allocated to make for the lack of private investment
in privacy technology research. This clearly follows from the generic
commitment of governments to protecting the human rights of their
citizens, which include the right to privacy and private life.
The main objective of E-AEGIS is to demonstrate that transaction
security in the information society is compatible with consumer
privacy. Specifically, this will be demonstrated for the following
three scenarios: mobile services (subproject E-AEGIS/M-PRIVACY),
digital content management (subproject E-AEGIS/STEGOPRIVACY), and
privacy-preserving data mining (subproject E-AEGIS/DBPRIVACY).
Subproject E-AEGIS/M-PRIVACY will consider a number of mobile
services with common or similar privacy requirements: RFIDs (Radio
Frequency IDentification),MANETs (Mobile Ad-hoc Networks), VANETs
(Vehicular Ad-hoc Networks for car-to-car communication), location-based
services for roaming users, etc. Aside from common security problems,
all those services share at least three common privacy needs: i)
to prevent location profiling (location privacy); ii) to ensure
that data gathered by peer nodes on mobile users in an ad-hoc network
are not sensitive; iii) to guarantee that the providers of mobile
services do not misuse the information stored on their customers.
The goal of the subproject will be to devise protocols and algorithms
solving privacy issues common to (most of) those scenarios. Actually
privacy need no. iii) sketched above will be tackled in co-operation
with subproject E-AEGIS/DBPRIVACY.
Subproject E-AEGIS/STEGOPRIVACY will develop new steganographic
methods (watermarking) for broadcast monitoring and copy detection.
Whenever those methods are aimed at redistributor tracing, privacy
features will be added: anonymity is only to be revoked for dishonest
redistributors, but honest consumers of digital content should
keep their anonymity (in a similar way as anonymity is preserved
by anonymous payments).
Subproject E-AEGIS/DBPRIVACY will focus on the creation of synthetic
(i.e. simulated) datasets which preserve a certain model present
in an original dataset for a number of subdomains (subsets of variables
and records). This will enable companies to co-operate in joint
market analyses without exchanging their customers' real data,
but only synthetic data. To ensure that the synthetic data really
do preserve privacy, re-identification methods will be used to
measure disclosure risk. New re-identification methods will be
designed to take non-independent data into account. The ultimate
goal is to use synthetic data also *within a company*: the corporate
data warehouse will be fed with synthetic data simulating the real
data collected by the operational subsystems; the operational data
will be deleted at short time intervals, with the ensuing privacy
Additionally, subproject E-AEGIS/M-PRIVACY will co-ordinate the
development of a prototype to demonstrate the achievements of the
three subprojects. Digital content will be distributed over a MANET
upon request by the MANET nodes (consumers). Algorithms for MANET
privacy will be demonstrated. The protection of the content will
be performed while respecting the privacy of honest consumers.
Finally, the synthetic versions of the log files collected by the
content source will be created.
The objectives of the project perfectly fit the following priority
of the National Programme on Technologies of Services for the Information
Society: “2.1 Security, protection and privacy in telematic
services: Certificates and digital signatures, Key management,
Intellectual property and anti-fraud protection, Transaction protection
and monitoring”, “2.3 Security and privacy in telematic
networks. Cryptography”, “1.2 Applications of distance
learning, telemedicine, peer-to-peer and multimedia over the network”.