Abstract
Security and privacy are essential in today’s information-driven society. However, security technologies and privacy-enhancing technologies (PETs) are often difficult to integrate in applications due to their inherent complexity and steep learning curve. In this paper, we present a flexible, technology agnostic development framework that facilitates the integration of security and privacy-preserving technologies into applications. Technology-specific configuration details are shifted from the application code to configuration policies. These policies are configured by domain experts independently from the application’s source code. We developed a prototype in Java, called PriMan, which runs on both desktops and Android based devices. Our experimental evaluation demonstrates that PriMan introduces a low and acceptable overhead (e.g., less than one millisecond per operation). In addition, we compare PriMan with other, freely available solutions. PriMan facilitates the integration of PETs and security technologies in current and future applications.
Chapter PDF
Similar content being viewed by others
References
OWASP: OWASP Mobile Security Project — Top Ten Mobile Risks (2013), https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
MobCom Project: MobCom: A Mobile Companion (2013), http://www.mobcom.org/
Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Specification of the Identity Mixer cryptographic library – version 2.3.2, IBM Research – Zurich (2010)
Camenisch, J., Mödersheim, S., Neven, G., Preiss, F.S., Sommer, D.: A card requirements language enabling privacy-preserving access control. ACM (2010)
Camenisch, J., Krontiris, I., Lehmann, A., Neven, G., Paquin, C., Rannenberg, K.: H2. 1-abc4trust architecture for developers. Heartbeat (2012)
Housley, R., Ford, W., Polk, W., Solo, D.: Rfc 2459 - internet x.509 public key infrastructure certificate and CRL profile (1999)
Camenisch, J.L., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)
Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)
ABC4Trust Project: ABC4Trus EU Project - Official Website (2013), https://www.abc4trust.eu/
Housley, R.: RFC 5652 - Cryptographic Message Syntax, CMS (2009)
Preiss, F.-S.: Credential-Based Authentication Framework With Built-In Ready-To-Use Identity Mixer Support (2011), http://www.zurich.ibm.com/~frp/com.ibm.zurich.authn.cb/
adapID Project: advanced applications for electronic IDentity cards in Flanders (2009), http://www.cosic.esat.kuleuven.be/adapid/
Camenisch, J., Shelat, A., Sommer, D., Fischer-Hübner, S., Hansen, M., Krasemann, H., Lacoste, G., Leenes, R., Tseng, J.: Privacy and identity management for everyone. ACM (2005)
PrimeLife Project: PrimeLife - Bringing sustainable privacy and identity management to future networks and services (2013), http://primelife.ercim.eu/
Hansen, M., Berlich, P., Camenisch, J., Clauß, S., Pfitzmann, A., Waidner, M.: Privacy-enhancing identity management. Information Security Technical Report (2004)
Hansen, M., Schwartz, A., Cooper, A.: Privacy and identity management. IEEE Security Privacy 6(2), 38–45 (2008)
Bichsel, P., Camenisch, J., Preiss, F.S.: A comprehensive framework enabling data-minimizing authentication. ACM (2011)
Maganis, G., Shi, E., Chen, H., Song, D.: Opaak: using mobile phones to limit anonymous identities online. ACM (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Put, A., Dacosta, I., Milutinovic, M., De Decker, B. (2014). PriMan: Facilitating the Development of Secure and Privacy-Preserving Applications. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds) ICT Systems Security and Privacy Protection. SEC 2014. IFIP Advances in Information and Communication Technology, vol 428. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55415-5_34
Download citation
DOI: https://doi.org/10.1007/978-3-642-55415-5_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55414-8
Online ISBN: 978-3-642-55415-5
eBook Packages: Computer ScienceComputer Science (R0)