adapID
4th Workshop November 17, 2009
What?
This Workshop is organized to present the
results of the adapID (Advanced Applications for e-ID Cards in
Flanders) project to the public.
The goal of the adapID project is to develop
a framework for secure and privacy-preserving applications based on the
Belgian e-ID card, focussing mainly on e-government, e-health and
storage applications, and taking into account both technical
and legal aspects.
The research consortium consists of seven
partners, each bringing their own expertise in this project:
- Coordinator research group COSIC, ESAT, K.U.Leuven
- Research group DistriNet, Department of Computer Science, K.U.Leuven
- Research group ICRI, Faculty of Law, K.U.Leuven
- Research group McGill, McGill University (Canada)
- INTESI Group Belgium
- L-SEC - Leuven Security Excellence Consortium (Belgium)
In this Workshop the results of the fourth
year of the project will be presented. We shall also have presentations
by two invited speakers: Melissa Chase, from Microsoft Research Redmond, and Marit Hansen, Deputy Privacy and Information Commissioner of Land Schleswig-Holstein (Germany).
When and where?
When:
Tuesday, November 17, 2009.
Where:
Katholieke Universiteit Leuven
Departement Elektrotechniek (ESAT), Room 00.62
Kasteelpark Arenberg 10
3001 Leuven-Heverlee
Belgium
You can find directions at this
location: http://www.esat.kuleuven.be/english/info/route
Registration:
No registration fee is required to attend the
workshop. This is an open workshop - everybody can attend it, but we
require participants to register. You can register by sending an email to
adapid-events@esat.kuleuven.be. Please also send us an email if you are
interested in receiving further information on the project.
Program
09:50-10:00 | Welcome and introduction to ADAPID, Claudia Diaz, KULeuven, ESAT, COSIC
10:00-11:00 | "Anonymous Credentials", Melissa Chase, Microsoft Research Redmond
11:00-11:30 | "Anonymous e-Petition Signing: Case Study of a Privacy-Preserving Identity Management based on Anonymous Credentials", Venelin Gornishki, KULeuven, ESAT, COSIC
11:30-12:00 | "The Adapid Framework", Kristof Verslype, KULeuven, Computer Science, Distrinet
12:00-12:45 | Lunch
12:45-13:35 | "Privacy-relevant features of current eID concepts in Germany", Marit Hansen, Deputy Privacy and Information Commissioner of Land Schleswig-Holstein (Germany)
13:35-13:55 | "Modeling and Synthesizing Privacy-Preserving Applications", Raphael Mannadiar, McGill University (Canada)
13:55-14:15 | "Privacy-friendly Patient Monitoring", Kristof Verslype, KULeuven, Computer Science, Distrinet
14:15-14:35 | "Liability Issues of e-Health applications", Christophe Geuens, KULeuven, Faculty of Law, ICRI
14:35-14:50 | Coffee break
14:50-15:20 | "Privacy-preserving e-Commerce", Alfredo Rial, KULeuven, ESAT, COSIC
15:20-15:40 | "Is the current legal framework ready for priced-oblivious transfer schemes?", Brendan Van Alsenoy, KULeuven, Faculty of Law, ICRI
Abstracts of the talks
"Anonymous Credentials", Melissa Chase, Microsoft Research Redmond
Anonymous credential systems allow users to authenticate themselves in a privacy-preserving manner. In such a system, a user can obtain credentials from an organization, and then at some later point, she can prove to the organization (or some other party) that she has been given appropriate credentials, without revealing anything else about her identity. We can even guarantee that if she uses her credential a second time, no one will be able to tell that the two interactions involved the same user, so that there will be no way anyone can trace Alice’s transactions. This talk will survey the history of anonymous credentials, summarize the main approaches, discuss methods for adding accountability to such systems, and finally mention some very recent work on extending the functionality of such a system.
"Anonymous e-Petition Signing: Case Study of a Privacy-Preserving Identity Management based on Anonymous Credentials", Venelin Gornishki, KULeuven, ESAT, COSIC
In this talk we present a general architecture of a privacy-preserving identity management system based on anonymous credentials, and discuss the requirements that the system should meet. After that, we present a case study of such a system in the form of an anonymous electronic petition signing system, for which we have implemented a proof-of-concept demonstrator. We present some attacks that can be undertaken against such a system and discuss countermeasures.
"The Adapid Framework", Kristof Verslype, KULeuven, Computer Science, Distrinet
Credentials have long been used in society: tickets, money, identity cards, etc. These are
increasingly digitalized and their importance is growing and will continue to grow over
time. Several credential types exist, potentially having different properties and each
type can have multiple implementations. The Adapid framework offers a uniform interface
to use these, thus facilitating their use, independent of the implementations that are
plugged into the framework. Supported credential types are the Belgian eID card, X.509
certificates, pseudonym certificates and Idemix anonymous credentials. The available
implementation is demonstrated.
An outlook is given on how the framework can be extended by building extra functionality
on top of the current functionality.
"Privacy-relevant features of current eID concepts in Germany",
Marit Hansen, Deputy Privacy and Information Commissioner of Land Schleswig-Holstein (Germany)
In Germany, several eID initiatives such as the electronic eID card or the health card
are being debated. Some of them are already or will be soon implemented and rolled out.
In the area of privacy, the concepts show noteworthy features which may improve the level
of data protection and/or self-determination of persons involved. However, several
initiatives also involve additional risks to privacy. This talk will present the most
interesting privacy-relevant features and discuss their potential impact.
"Modeling and Synthesizing Privacy-Preserving Applications",
Raphael Mannadiar, McGill University (Canada)
The problems with conventional development approaches in the context of creating privacy-preserving eServices are explored. These include the large conceptual gap between security related concerns and the
more logistic issues of their implementations such as user interface design and networking. Modeling and automatic synthesis of privacy-preserving applications is introduced as a solution to these problems. A high-level model of a "Prescription Issuing" scenario is explained and automatically synthesized applications are demonstrated
running in an Internet Browser and on a Google Android-enabled device.
"Privacy-friendly Patient Monitoring",
Kristof Verslype, KULeuven, CS, Distrinet
The life of patients with a chronic disease such as heart defects or incorrect sugar
levels can be improved considerably if they can stay at their own homes, outside medical environments such as hospitals. Instead, inconspicuous devices in the patient's home can monitor the patient; sensors can detect whether or not the patient is moving, his heart rate can be measured, etc. This data must be analyzed and in case the data is worrying, the patient's GP or one of the patient's relatives is warned, and if the situation further deteriorates, an ambulance is sent to the patient's home.
In a realistic setting, data is sent from the patient's home to a central, potentially commercial, monitoring service. This monitoring service can contact the hospital closest to the patient, the patient's GP and/or one or more relatives. These entities must take the appropriate action; a hospital will have to send an ambulance, the GP can check the patient's medical data and the relative can visit or call the patient.
In current settings, the monitoring service sees and analyses the medical patient data and thus knows a lot about the patient. In this talk, approaches to improve the patient's privacy towards the monitoring service are presented.
"Liability Issues of e-Health applications",
Christophe Geuens, KULeuven, Faculty of Law, ICRI
The presentation will deal with the different liability schemes applicable to e-Health
applications. Of primary interest will be the delimitation of stakeholders concerned.
These differ from the stakeholders involved in the implementation scheme because among
others product liability will look at the initial stages of development and production of
the application. We will look at the different scopes of liability legislation since not
every scheme will apply in any circumstance. For the relevant schemes it is important to
clarify and illustrate the related criteria for application. The scope determines where
and when legislation applies, the conditions determine whether or not one will actually
be entitled to redress. We will also dedicate time to the possibilities of release or
exemption. It is important especially to know the limits of release or exemption which
depend on the legislation applicable. This is a recurring problem in practice and will
thus require appropriate attention.
"Privacy-preserving e-Commerce", Alfredo Rial, KULeuven, ESAT, COSIC
Privacy-preserving e-Commerce provides unlinkability between buyers' identities and
purchased goods. Currently, there exist two approaches for its design: hiding the
identity of buyers from vendors (anonymous purchase), and hiding the items that are
bought (oblivious purchase). We compare both approaches and discuss their advantages and
disadvantages. Then we describe the design of an e-Commerce application that follows the
second approach and analyze its efficiency.
"Is the current legal framework ready for priced-oblivious
transfer schemes?", Brendan Van Alsenoy, KULeuven, Faculty of Law, ICRI
This presentation will discuss the results of the legal
research relating to the storage application. It shall address questions
of compliance for the priced-oblivious transfer scheme, in particular in
the areas of e-Commerce, taxation, sales of goods and consumer
protection. In addition to addressing questions of compliance, the
purpose of the presentation is also to highlight areas in which the
current framework may be lacking and requires improvement.