[liberationtech] A Toolset for Usable Security with ICT Service Networks

Sven Wohlgemuth swohlge at live.de
Tue Sep 27 02:30:42 PDT 2016 

Dear Steve,

Thank you for your interest in our research-in-progress on usable security.

Please let me reply by referring to some achievements and introducing the project leader as follows:
1) Concept
2) Implementation
3) Status & Project Leader

Ad (1) Concept
============
The conceptual challenge for resilience with ICT support by secondary use of personal data and our approach for usable security is introduced by the article "Privacy with Secondary Use of Personal Information". It relates to information accountability and information flow control. This article has been accepted by the business informatics conference MKWI 2016. Please find this article and slides @ https://www.researchgate.net/publication/296694947_Privacy_with_Secondary_Use_of_Personal_Information <https://www.researchgate.net/publication/296694947_Privacy_with_Secondary_Use_of_Personal_Information> 

Ad (2) Implementation
=================
Some data provenance protocols of this toolset have been implemented for showing their mode of operation. The exemplary use case is telemedicine.
These cryptographic protocols stem from my basic research project at National Institute of Informatics in Tokyo (NII, Prof. Sonehara & Prof. Echizen) in collaboration with Albert-Ludwig University of Freiburg, Germany (IIG Telematik, Prof. Mueller). 

This project "Privacy-compliant Disclosure of Personal Data to Third Parties" has resulted in the NII Grand Challenge Project "Transparency for ICT Resilience" and contributed to the establishment of the collaboration platform Japanese-European Institute for Security (JEISec) : http://www.nii.ac.jp/jeisec/ <http://www.nii.ac.jp/jeisec/> 

Please find a brief article about that basic research project @ https://www.researchgate.net/publication/220622115_Privacy-compliant_Disclosure_of_Personal_Data_to_Third_Parties_Schutz_der_Privatsphare_bei_der_Weitergabe_personlicher_Daten_an_Dritte <https://www.researchgate.net/publication/220622115_Privacy-compliant_Disclosure_of_Personal_Data_to_Third_Parties_Schutz_der_Privatsphare_bei_der_Weitergabe_personlicher_Daten_an_Dritte> 

A first proof-of-concept implementation by one of my former students at NII shows the mode of operation. This article is available @ https://www.researchgate.net/publication/221566602_Privacy_by_Data_Provenance_with_Digital_Watermarking_-_A_Proof-of-Concept_Implementation_for_Medical_Services_with_Electronic_Health_Records <https://www.researchgate.net/publication/221566602_Privacy_by_Data_Provenance_with_Digital_Watermarking_-_A_Proof-of-Concept_Implementation_for_Medical_Services_with_Electronic_Health_Records> 

Ad (3) Status & Project Leader
=======================
At present, we are developing this toolset further in order to realize and validate this idea using block chain as introduced by (1) and this poster. 
Regarding further details, please let me introduce the project leader to you: Dr. Kazuo Takaragi from National Institute of Advanced Industrial Science and Technology, Japan (AIST). His e-mail address is kazuo.takaragi at aist.go.jp <mailto:kazuo.takaragi at aist.go.jp>

Please do not hesitate to contact him or me, if you have any further questions or comments to this research-in-progress.

Best regards,
Sven


> On 26 Sep 2016, at 17:47, Steve Weis <steveweis at gmail.com> wrote:
> 
> Hello Sven. I don't understand what is going on in this poster. Have you implemented any part of this toolset which you can share?
> 
> On Sun, Sep 25, 2016 at 7:30 AM Sven Wohlgemuth <swohlge at live.de <mailto:swohlge at live.de>> wrote:
> Dear Community on Liberation Technology,
> 
> Please let me kindly ask for your attention on :
> 
> A Toolset for Usable Security with ICT Service Networks 
> 
> This research-in-progress is joint work with Dr. Kazuo TAKARAGI (Deputy Director, Information Technology Research Institute, National Institute of Advanced Industrial Science and Technology (AIST), Japan, http://www.itri.aist.go.jp/ <http://www.itri.aist.go.jp/en/> ) 
> 
> Please find below the abstract.
> 
> The poster with contact details is available
> @ResearchGate: https://www.researchgate.net/publication/308204104_A_Toolset_for_Usable_Security_with_ICT_Service_Networks <https://www.researchgate.net/publication/308204104_A_Toolset_for_Usable_Security_with_ICT_Service_Networks>
> @SlideShare: http://www.slideshare.net/swohlge/a-toolset-for-usable-security-with-ict-service-networks <http://www.slideshare.net/swohlge/a-toolset-for-usable-security-with-ict-service-networks>
> 
> Thank you very much in advance for your consideration.
> 
> Sincerely yours,
> Sven Wohlgemuth
> 
> 
> ==== BEGIN ABSTRACT ====
> 
> At IWSEC 2016 in Tokyo (http://www.iwsec.org/2016/ <http://www.iwsec.org/2016/>), we have presented a Toolset for Usable Security especially beneficial for the secondary use of personal information.
> Thanks to the audience for the valuable feedback.
> 
> At Great Hanshin Earthquake occurred in Kansai area, Japan in 1995, it was shown that the sharing of personal information was very important in order to maintain health and property of people who were affected by the disaster. 
> 
> Those were biometric authentication information, medical records, passbook, and so on.
> 
> Similar problems have occurred at the Great East Japan Earthquake in 2011 and the 2016 Kumamoto Earthquake.
> 
> Conventionally and presumably in future, when the secondary use of personal information should be carried out, this data controller usually plays an important role. 
> 
> For example, it is a government. 
> It approves an access to that secondary use of personal information with a limited condition.
> 
> Usually from this point of time, the owner of the personal information loses control over his or her information. It may be against the regulation or compliance, so the data controller is usually reluctant to give permission.
> 
> One of the basic ideas for solving the problem is to provide a sufficient judgment material information to the data controller in a timely manner by which the data controller can properly give a permission for the secondary use of the personal information.
> 
> Ideally in order for the perfect judgement for the data controller, it is desirable to give all the states of artifacts, natural products, all the memory of the computer, the human condition and so on. In general, it is not possible.
> 
> The first idea is that some part of personal information is anonymized and sometimes subjected to a treatment with artificial intelligence, then sent to the data controller. 
> 
> Some privacy enhancing techniques are used in the process.
> Thus, it will enable a fast and rational judgement by the data controller.
> 
> The second basic idea is to provide a means that the user does not lose control on his own data even after the secondary use of personal information has been carried out.
> 
> For this, it is important to let the user know the data provenance.
> 
> We are developing a mechanism using block chain where people can obtain the provenance of anonymous data without central authority.
> 
> Furthermore, by referring to the block chain as open data, we get an effect of being able to obtain the transparency and compliance through the process.
> 
> Currently, we are developing a set of tools necessary in order to realize these ideas. We aim to lead it to an implementation in a real society through a proof of concept in future.
> 
> That’s it. 
> Thank you very much. 
> 
> ==== END ABSTRACT ====
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech <https://mailman.stanford.edu/mailman/listinfo/liberationtech>. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu <mailto:companys at stanford.edu>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20160927/3216982e/attachment.html>

More information about the liberationtech mailing list