Read more
Advances in information and communication technologies continue to p- vide new means of conducting remote transactions. Services facilitated by these technologies are spreading increasingly into our commercial and private spheres. For many people, these services have changed the way they work, communicate, shop, arrange travel, etc. Remote transactions, however, may also open possibilities for fraud and other types of misuse. Hence, the requi- ment to authorize transactions may arise. Authorization may in turn call for some kind of user authentication. When users have to provide personal inf- mation to access services, they literally leave a part of their life on record. As the number of sites where such records are left increases, so does the d- ger of misuse. So-called identity theft has become a pervasive problem, and a general feeling of unease and lack of trust may dissuade people from using the services on o?er. This,inanutshell,isoneofthemajorchallengesinsecurityengineering- day. How to provide servicesto individuals securelywithout making undue - cursions into their privacy at the same time. Decisions on the limits of privacy intrusions - or privacy protection, for that matter - are ultimately political decisions. Research can de?ne the design space in which service providers and regulators may try to ?nd acceptable tradeo?s between security and privacy.
List of contents
Part I: Introduction.- Ambient Intelligence - Privacy and Security Issues in an Ambient World - Legislation background for the Security and Privacy in the AmI Context.- Part II: Digital Asset Protection: Introduction to DRM - OMA Standardization - Person-based DRM - CE Standardizations:Coral and Marlin - DRM for Protecting Personal Content - Protecting Electronic Health Records - Template Protection - Watermarking - Copy Protection.- Part III: Privacy in Ambient World:Privacy in Ambient World - Private Profile Matching - Search on Encrypted Data - Privacy-preserving Data Mining - Semantic Web and Privacy - RFID and Privacy - Identity Management - Private Information Retrieval.- Part IV: Security in Ambient World:Database Security - Authorization and Access Control - Role-based Access Control - Statistical Database Security - XML Security - Software Tamper Resistance - Mobile Code Security - Malware - Trust Management.
About the author
Milan Petkovic is a senior scientist in the ISS group (Information and System Security) at the Philips Research in Eindhoven, the Netherlands. Among his research interests are information security, secure content management, privacy protection, multimedia information retrieval, and database systems.
Willem Jonker is currently department head of the Information and System Security department at Philips Research. In addition, he is a part-time full professor of computer science at Twente University. Among his research interest are secure data management, DRM, copyright protection, secure databases, distributed applications, and content management.
Summary
Advances in information and communication technologies continue to p- vide new means of conducting remote transactions. Services facilitated by these technologies are spreading increasingly into our commercial and private spheres. For many people, these services have changed the way they work, communicate, shop, arrange travel, etc. Remote transactions, however, may also open possibilities for fraud and other types of misuse. Hence, the requi- ment to authorize transactions may arise. Authorization may in turn call for some kind of user authentication. When users have to provide personal inf- mation to access services, they literally leave a part of their life on record. As the number of sites where such records are left increases, so does the d- ger of misuse. So-called identity theft has become a pervasive problem, and a general feeling of unease and lack of trust may dissuade people from using the services on o?er. This,inanutshell,isoneofthemajorchallengesinsecurityengineering- day. How to provide servicesto individuals securelywithout making undue - cursions into their privacy at the same time. Decisions on the limits of privacy intrusions – or privacy protection, for that matter – are ultimately political decisions. Research can de?ne the design space in which service providers and regulators may try to ?nd acceptable tradeo?s between security and privacy.
