view counter

PrivacyNew approach to balancing security and privacy

Published 17 June 2014

Online identification and authentication keeps transactions secure on the Internet, but this also has implications for your privacy. Disclosing more personal information than needed online when, say, you log in to your bank Web site may simplify the bank’s security at the cost of your privacy. Now, thanks to research by the EU-funded project Attribute-based Credentials for Trust, or ABC4Trust, there is a new approach that keeps systems secure and protects your identity.

Online identification and authentication keeps transactions secure on the Internet, but this also has implications for your privacy. Disclosing more personal information than needed online when, say, you log in to your bank Web site may simplify the bank’s security at the cost of your privacy. Now, thanks to research by the EU-funded project Attribute-based Credentials for Trust, or ABC4Trust, there is a new approach that keeps systems secure and protects your identity.

The ABC4Trust research team is piloting this technology with young people, often thought to be the less careful about their online security. “That’s not the case,” says Prof. Dr. Kai Rannenberg, coordinator of the ABC4Trust project. “The participants were very interested in learning which personal data they reveal and how they can control this. The university students especially feel that Attribute-based Credentials (ABCs) can help them manage their e-identities and enable them use Internet services in a privacy preserving way.”

For example, at Norrtullskolan secondary school in Söderhamn, Sweden, pupils can access counselling services online. Until recently, however, the pupils could not access these services using a pseudonym — they had to identify themselves by name so the school could check whether they were allowed to use them.

A CORDIS release reports that in the ABC4Trust pilot scheme, however, each child is issued with a “deck” of digital certificates that validate information like their enrolment status, their date of birth and so on. This allows the school pupils to enjoy both privacy and security. Instead of having to reveal their whole identity when using the counselling service they can simply use one of the certificates in their deck that pseudonymously verifies they are enrolled at the school.

Another pilot developed at the Computer Technology Institute and Press “Diophantus” and trialed at the University of Patras, Greece, allows students to give anonymous feedback on their courses and lecturers, while ensuring that only registered students can take part in the polls.

Prof. Rannenberg says, “Our user studies showed, that the school children, parents and the university students are happy that they are giving less of their private information when they access the services and leave feedback. Also the respective authorities are happy with the pilots and the feedback; in the not too distant future we expect more European public services and other organizations switch to Privacy-ABCs.”

According to recent research by market research organization, Ovum, 68 percent of people in EU member states would like to opt out of having our personal data tracked. In a speech in May, Commissioner Neelie Kroes stressed that it is essential for EU business “To show the citizen that going online is not just convenient, but trustworthy… With resilient and secure networks and systems I think we can build that trust.”

New ways of managing online identities that increase privacy while maintaining security are now a high priority for businesses and citizens alike. ABC4Trust makes this as easy as ABC.

ABC4Trust is a €13.05 million project, with €8.85 million funded by the European Union’s Seventh Framework Programme (FP7). The international and multidisciplinary ABC4Trust consortium is led by Johann Wolfgang Goethe-Universität Frankfurt am Main, Germany and it comprises eleven partners from seven countries. ABC4Trust started in November 2010 and will run for 4.5 years.

view counter
view counter