PRESENTATION

New services for the Information Society are appearing at an ever faster rate. From location-based services for roaming users or cars to RFID, from digital rights management to intrusion detection systems, from electronic payments to data mining and warehousing, an amazing plethora of new technologies are being launched and justified with the argument of increasing the security and the satisfaction of consumers. While more efficient and secure transactions may indeed benefit the consumers, corporate profits are too often the only driving force behind the development of those new technologies. Not surprisingly then, transaction security tends to emphasize corporate security more than consumer security. Worse yet, transaction privacy, which is basically a consumer requirement, tends to be given low priority, if considered at all.

The starting hypothesis of E-AEGIS is that public research funds should be allocated to make for the lack of private investment in privacy technology research. This clearly follows from the generic commitment of governments to protecting the human rights of their citizens, which include the right to privacy and private life.

The main objective of E-AEGIS is to demonstrate that transaction security in the information society is compatible with consumer privacy. Specifically, this will be demonstrated for the following three scenarios: mobile services (subproject E-AEGIS/M-PRIVACY), digital content management (subproject E-AEGIS/STEGOPRIVACY), and privacy-preserving data mining (subproject E-AEGIS/DBPRIVACY).

Subproject E-AEGIS/M-PRIVACY will consider a number of mobile services with common or similar privacy requirements: RFIDs (Radio Frequency IDentification),MANETs (Mobile Ad-hoc Networks), VANETs (Vehicular Ad-hoc Networks for car-to-car communication), location-based services for roaming users, etc. Aside from common security problems, all those services share at least three common privacy needs: i) to prevent location profiling (location privacy); ii) to ensure that data gathered by peer nodes on mobile users in an ad-hoc network are not sensitive; iii) to guarantee that the providers of mobile services do not misuse the information stored on their customers. The goal of the subproject will be to devise protocols and algorithms solving privacy issues common to (most of) those scenarios. Actually privacy need no. iii) sketched above will be tackled in co-operation with subproject E-AEGIS/DBPRIVACY.

Subproject E-AEGIS/STEGOPRIVACY will develop new steganographic methods (watermarking) for broadcast monitoring and copy detection. Whenever those methods are aimed at redistributor tracing, privacy features will be added: anonymity is only to be revoked for dishonest redistributors, but honest consumers of digital content should keep their anonymity (in a similar way as anonymity is preserved by anonymous payments).

Subproject E-AEGIS/DBPRIVACY will focus on the creation of synthetic (i.e. simulated) datasets which preserve a certain model present in an original dataset for a number of subdomains (subsets of variables and records). This will enable companies to co-operate in joint market analyses without exchanging their customers' real data, but only synthetic data. To ensure that the synthetic data really do preserve privacy, re-identification methods will be used to measure disclosure risk. New re-identification methods will be designed to take non-independent data into account. The ultimate goal is to use synthetic data also *within a company*: the corporate data warehouse will be fed with synthetic data simulating the real data collected by the operational subsystems; the operational data will be deleted at short time intervals, with the ensuing privacy gain.

Additionally, subproject E-AEGIS/M-PRIVACY will co-ordinate the development of a prototype to demonstrate the achievements of the three subprojects. Digital content will be distributed over a MANET upon request by the MANET nodes (consumers). Algorithms for MANET privacy will be demonstrated. The protection of the content will be performed while respecting the privacy of honest consumers. Finally, the synthetic versions of the log files collected by the content source will be created.

The objectives of the project perfectly fit the following priority of the National Programme on Technologies of Services for the Information Society: “2.1 Security, protection and privacy in telematic services: Certificates and digital signatures, Key management, Intellectual property and anti-fraud protection, Transaction protection and monitoring”, “2.3 Security and privacy in telematic networks. Cryptography”, “1.2 Applications of distance learning, telemedicine, peer-to-peer and multimedia over the network”.