Fourth adapID Workshop

Home     Partners     Events     Documents     Links     Contact     Private

4th Workshop November 17, 2009

What ?

This Workshop is organized to present the results of the adapID (Advanced Applications for e-ID Cards in Flanders) project to the public.

The goal of the adapID project is to develop a framework for secure and privacy-preserving applications based on the Belgian e-ID card, focussing mainly on e-government, e-health and storage applications, and taking into account both technical and legal aspects.

The research consortium consists of seven partners, each bringing their own expertise in this project:

  • Coordinator research group COSIC, ESAT, K.U.Leuven
  • Research group DistriNet, Department of Computer Science, K.U.Leuven
  • Research group ICRI, Faculty of Law, K.U.Leuven
  • Research group McGill, McGill University (Canada)
  • INTESI Group Belgium
  • L-SEC - Leuven Security Excellence Consortium (Belgium)

In this Workshop the results of the fourth year of the project will be presented. We shall also have presentations by two invited speakers: Melissa Chase , from Microsoft Research Redmond, and Marit Hansen , Deputy Privacy and Information Commissioner of Land Schleswig-Holstein (Germany).

When and where ?

Tuesday, November 17, 2009.

Katholieke Universiteit Leuven
Departement Elektrotechniek (ESAT),
 Room 00.62
Kasteelpark Arenberg 10
3001 Leuven-Heverlee

You can find directions at this location:

No registration fee is required to attend the workshop. This is an open workshop - everybody can attend it, but we require participants to register. You can register by sending an email to Please send us an email also if you are interested on receiving further information on the project.


09:50-10:00 Welcome and introduction to ADAPID, Claudia Diaz, KULeuven, ESAT, COSIC
10:00-11:00 "Anonymous Credentials", Melissa Chase, Microsoft Research Redmond
11:00-11:30 "Anonymous e-Petition Signing: Case Study of a Privacy-Preserving Identity Management based on Anonymous Credentials", Venelin Gornishki, KULeuven, ESAT, COSIC
11:30-12:00 "The Adapid Framework", Kristof Verslype, KULeuven, Computer Science, Distrinet
12:00-12:45 Lunch 
12:45-13:35 "Privacy-relevant features of current eID concepts in Germany", Marit Hansen, Deputy Privacy and Information Commissioner of Land Schleswig-Holstein (Germany)
13:35-13:55 "Modeling and Synthesizing Privacy-Preserving Applications", Raphael Mannadiar, McGill University (Canada)
13:55-14:15 "Privacy-friendly Patient Monitoring", Kristof Verslype, KULeuven, Computer Science, Distrinet
14:15-14:35 "Liability Issues of e-Health applications", Christophe Geuens, KULeuven, Faculty of Law, ICRI
14:35-14:50 Coffee break 
14:50-15:20 "Privacy-preserving e-Commerce", Alfredo Rial, KULeuven, ESAT, COSIC
15:20-15:40 "Is the current legal framework ready for priced-oblivious transfer schemes?", Brendan Van Alsenoy, KULeuven, Faculty of Law, ICRI

 Abstracts of the talks

"Anonymous Credentials", Melissa Chase, Microsoft Research Redmond
Anonymous credential systems allow users to authenticate themselves in a privacy-preserving manner.  In such a system, a user can obtain credentials from an organization, and then at some later point, she can prove to the organization (or some other party) that she has been given appropriate credentials, without revealing anything else about her identity. We can even guarantee that if she uses her credential a second time, no one will be able to tell that the two interactions involved the same user, so that there will be no way anyone can trace Alice’s transactions.  This talk will survey the history of anonymous credentials, summarize the main approaches, discuss methods for adding accountability to such systems, and finally mention some very recent work on extending the functionality of such a system.

"Anonymous e-Petition Signing: Case Study of a Privacy-Preserving Identity Management based on Anonymous Credentials", Venelin Gornishki, KULeuven, ESAT, COSIC
In this talk we present a general architecture privacy preserving identity management system based on anonymous credentials, and discuss the requirements that the system
should meet. After that, we present a case study of such a system in the form of an anonymous electronic petition signing system, for which we have implemented a proof-of-concept demonstrator. We present some attacks that can be undertaken against
such a system and discuss countermeasures.

"The Adapid Framework", Kristof Verslype
, KULeuven, Computer Science, Distrinet

Credentials are of old used in society; tickets, money, identity cards, etc. These are increasingly digitalized and their importance is growing and will continue to grow over time. Several credential types exist, potentially having different properties and each type can have multiple implementations. The Adapid framework offers a uniform interface to use these, thus facilitating their use, independent of the implementations that are plugged into the framework. Supported credential types are the Belgian eID card, X.509 certificates, pseudonym certificates and Idemix anonymous credentials. The available implementation is demonstrated. An outlook is given on how the framework can be extended by building extra functionality on top of the current functionality.

"Privacy-relevant features of current eID concepts in Germany", Marit Hansen, Deputy Privacy and Information Commissioner of Land Schleswig-Holstein (Germany)

In Germany, several eID initiatives such as the electronic eID card or the health card are being debated. Some of them are already or will be soon implemented and rolled out. In the area of privacy, the concepts show noteworthy features which may improve the level of data protection and/or self-determination of persons involved. However, several initiatives also involve additional risks to privacy. This talk will present the most interesting privacy-relevant features and discuss their potential impact.

"Modeling and Synthesizing Privacy-Preserving Applications", Raphael Mannadiar, McGill University (Canada)

The problems with conventional development approaches in the context of creating privacy-preserving eServices are explored. These include the large conceptual gap between security related concerns and the more logistic issues of their implementations such as user interface design and networking. Modeling and automatic synthesis of privacy-preserving applications is introduced as a solution to these problems. A high-level model of a "Prescription Issuing" scenario is explained and automatically synthesized applications are demonstrated running in an Internet Browser and on a Google Android-enabled device.

"Privacy-friendly Patient Monitoring", Kristof Verslype, KULeuven, CS, Distrinet
The life of patients with a chronical disease such as heart defects or incorrect sugar
levels can be improved considerably if they can stay at their own homes, outside medical environments such as hospitals. Instead, inconspicuous devices in the patient's home can monitor the patient; sensors can detect whether or not the patient is moving, his heart rate can be measured, etc. This data must be analyzed and in case the data is worrying, the patient's GP or one of the patient's relatives is warned, and if the situation further detoriates, an ambulance is sent to the patient's home.

In a realistic setting, data is sent from the patient's home to a central, potentially commercial, monitoring service. This monitoring service can contact the hospital closest to the patient, the patient's GP and/or one or more relatives. These entities must take the appropriate action; a hospital will have to send an ambulance, the GP can check the patient's medical data and the relative can visit or call the patient.

In current settings, the monitoring service sees and analyses the medical patient data and thus knows a lot about the patient. In this talk, approaches to improve the patient's privacy towards the monitoring service are presented.

"Liability Issues of e-Health applications",  Christophe Geuens, KULeuven, Faculty of Law, ICRI

The presentation will deal with the different liability schemes applicable to e-Health applications. Of primary interest will be the delimitation of stakeholders concerned. These differ from the stakeholders involved in the implementation scheme because among others product liability will look at the initial stages of development and production of the application. We will look at the different scopes of liability legislation since not every scheme will apply in any circumstance. For the relevant schemes it is important to clarify and illustrate the related criteria for application. The scope determines where and when legislation applies, the conditions determine whether or not one will actually be entitled to redress. We will also dedicate time to the possibilities of release or exemption. It is important especially to know the limits of release or exemption which depend on the legislation applicable. This is a recurring problem in practice and will thus require appropriate attention.

"Privacy-preserving e-Commerce", Alfredo Rial

Privacy-preserving e-Commerce provides unlinkability between buyers' identities and purchased goods. Currently, there exist two approaches for its design: hiding the identity of buyers from vendors (anonymous purchase), and hiding the items that are bought (oblivious purchase). We compare both approaches and discuss their advantages and disadvantages. Then we describe the design of an e-Commerce application that follows the second approach and analyze its efficiency.

"Is the current legal framework ready for priced-oblivious transfer schemes?", Brendan Van Alsenoy
, KULeuven, Faculty of Law, ICRI

This presentation will discuss the results of the legal research relating to the storage application. It shall address questions of compliance for the priced-oblivious transfer scheme, in particular in the areas of e-Commerce, taxation, sales of goods and consumer protection. In addition to addressing questions of compliance, the purpose of the presentation is also to highlight areas in which the current framework may be lacking and requires improvement.