Kristof Verslype - Academia.edu
Papers by Kristof Verslype
Systems that provide Digital Rights Management (DRM) are highly complex and extensive: DRM technologies must support a diversity of devices, users, platforms, and media, and a wide variety of system requirements concerning security, flexibility, and manageability. This complexity and extensiveness poses major challenges to DRM development due to fragmentation of individual solutions, limited reuse and interoperability between DRM systems, and lack of a domain-specific structure that supports and guides the design and implementation of DRM systems and their applications. In order to handle these challenges in an effective and efficient way, we need to understand the DRM context and the internal structure of current DRM solutions. This report presents (1) an easy to understand introduction to DRM by proposing a high level architectural view, (2) an overview of the most important DRM technologies, both proprietary point solutions and open standards, and their mapping onto the architectural view, (3) an overview of the most important rights expression languages, and (4) a discussion on the evolution of DRM that can be expected in the near future. Identifying key DRM services and rights enforcement technologies, and locating them in an overall architecture brings us one step closer to a software architecture for DRM.
Data analytics, especially in the era of Big Data, opens huge possibilities in governmental contexts. These contexts are unfortunately very fragmented and often involve the processing of personal identifiable information (PII). Since anonymisation techniques fail at truly anonymising large citizen records, the data remain in a legal sense PII to which, hence, the privacy legislation still applies. The data owner (controller) is therefore still responsible and liable for the data. This paper presents a flexible approach consistent with the European privacy legislation which 1) enables easy linking of records, 2) maximizes the control of the data-delivering government agencies, 3) minimizes the impact in case of a data breach, and 4) allows for controlled deanonymisation.
Proceedings of the 5th ACM workshop on Digital rights management, 2005
The domain of digital rights management (DRM) is currently lacking a generic architecture that supports interoperability and reuse of specific DRM technologies. This lack of architectural support is a serious drawback in light of the rapid evolution of a complex domain like DRM. It is highly unlikely that a single DRM technology or standard will be able to support the diversity of devices, users, platforms, and media, or the wide variety of system requirements concerning security, flexibility, and efficiency. This paper analyses state-of-the-art DRM technologies and extracts from them high level usage scenarios according to content consumers, producers, and publishers. In addition, the key services are identified both from a functional and security perspective. Identifying key DRM services and locating them in an overall structure brings us one step closer to a software architecture for DRM. Having available a software architecture should help the DRM community in reasoning about DRM systems, and in achieving reuse and interoperability of multiple domain-specific DRM technologies and standards.
Lecture Notes in Computer Science, 2010
IFIP Advances in Information and Communication Technology, 2009
iNetSec 2009 – Open Research Problems in Network Security, 2009
Although many believe that we have lost the battle for privacy, protection of what's left of the user's privacy is all the more important. Not only should a user be able to minimize the disclosure of her personal data, she should also have rights to decide what happens with her data once they have been disclosed. In order to minimize user interaction when deciding whether or not to reveal personal data, privacy policy languages were developed. However, these languages are inadequate and cannot properly deal with the complex interactions between users, service providers, third parties, identity providers and others. Also, tool support for composing and verifying these policies and mechanisms for enforcing them are lagging behind. This paper argues the need for better privacy policies and proposes some solutions. Throughout the paper, our statements are applied to three sample applications in three different domains: e-health, banking and social networks.
… Consumer and User …, 2006
The domain of digital rights management (DRM) is currently lacking a generic software architecture that supports interoperability between and reuse of specific DRM technologies. This lack of architectural support is a serious drawback in light of the rapid evolution of a complex domain like ...
Workshop On Privacy In The Electronic Society, 2007
User-privacy in existing identity management systems (IMS) can be improved. Indeed, private credential systems offer privacy enhancing capabilities not yet included in current IMS; e.g. proving claims such as age > 18, with age an attribute. This paper introduces privacy enhanced claim URIs which enable to request personal data in a privacy friendly way. We show how many private credential capabilities
IFIP Advances in Information and Communication Technology, 2009
Although many believe that we have lost the battle for privacy, protection of what’s left of the user’s privacy is all the more important. Not only should a user be able to minimize the disclosure of her personal data, she should also have rights to decide what happens with her data once they have been disclosed. In order to minimize
Electronic identity (eID) cards are deployed in an increasing number of countries. These cards often provide digital authentication and digital signature capabilities, but have at the same time serious privacy shortcomings. We can expect that ordering and issuing tickets for events (e.g. soccer matches) will be increasingly done using eID cards, hence, severely threatening the user’s privacy. This paper proposes two alternative ticketing systems that are using the eID card in a bootstrap procedure, but still are providing a high degree of privacy to the user.
Lecture Notes in Computer Science, 2008
Electronic identity (eID) cards are deployed in an increasing number of countries. These cards often provide digital authentication and digital signature capabilities, but have at the same time serious privacy shortcomings. We can expect that ordering and issuing tickets for events (e.g. soccer matches) will be increasingly done using eID cards, hence, severely threatening the user's privacy. This paper proposes two alternative ticketing systems that are using the eID card in a bootstrap procedure, but still are providing a high degree of privacy to the user.
The Belgian Electronic Identity Card was introduced in 2002. The card enables Belgian citizens to prove their identity digitally and to sign electronic documents. Today, many application developers foresee e-ID plugins in their applications. Users may even be forced to use their e-ID card to access certain services. However, inappropriate use of the card may cause harm to individuals. This paper gives a detailed overview of privacy and security dangers related to the Belgian e-ID card and the current middleware. Existing threats are classified according to multiple categories. Finally, we point to possible solutions to tackle the weaknesses.
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2010
This paper illustrates and scans the limits of the use of anonymous credentials (e.g. Idemix) on smart phones to preserve the user’s privacy. A prototypical application with strong privacy requirements, ePoll, will be presented in detail. To ease the implementation of such applications, a specialized identity management framework has been developed. A first prototype of the ePoll application was built
Electronic petition systems support participation in the democratic decision-making process. However, current petition systems often have serious drawbacks in reliability and anonymity. This paper presents PetAnon, a privacy-preserving petition system that tries to tackle the shortcomings of existing systems. A proof-of-concept implementation is presented that uses the Belgian eID card in a bootstrap procedure, after which users are