security, privacy, & trust in modern data management

Data-Centric Systems and Applications
Series Editors
M.J. Carey
S. Ceri
Editorial Board
P. Bernstein
U. Dayal
C. Faloutsos
J.C. Freytag
G. Gardarin
W. Jonker
V. Krishnamurthy
M.A. Neimat
P. Valduriez
G. Weikum
K.Y. Whang
J. Widom
Milan Petković · Willem Jonker (Eds.)
Security, Privacy, and Trust in Modern Data Management
With 89 Figures and 13 Tables
Editors
Milan Petković
Philips Research Europe
High Tech Campus 34
5656 AE Eindhoven
The Netherlands


Willem Jonker
Philips Research / Twente University
Philips Research Europe
High Tech Campus 34
5656 AE Eindhoven
The Netherlands

Library of Congress Control Number: 2007925047
ACM Computing Classification (1998): D.4.6, E.3, H.2.7, K.6.5
ISBN 978-3-540-69860-9 Springer Berlin Heidelberg New York
This work is subject to copyright. All rights are reserved, whether the whole or part of the material
is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication
of this publication or parts thereof is permitted only under the provisions of the German Copyright
Law of September 9, 1965, in its current version, and permission for use must always be obtained from
Springer. Violations are liable for prosecution under the German Copyright Law.
Springer is a part of Springer Science+Business Media
springer.com
© Springer-Verlag Berlin Heidelberg 2007
The use of general descriptive names, registered names, trademarks, etc. in this publication does not
imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
Cover Design: KünkelLopka, Heidelberg
Typesetting: by the Editors
Production: LE-TEX Jelonek, Schmidt & Vöckler GbR, Leipzig
Printed on acid-free paper 45/3100/YL 5 4 3 2 1 0
Foreword
Advances in information and communication technologies continue to provide
new means of conducting remote transactions. Services facilitated by
these technologies are spreading increasingly into our commercial and private
spheres. For many people, these services have changed the way they work,
communicate, shop, arrange travel, etc. Remote transactions, however, may
also open possibilities for fraud and other types of misuse. Hence, the require-
ment to authorize transactions may arise. Authorization may in turn call for
some kind of user authentication. When users have to provide personal infor-
mation to access services, they literally leave a part of their life on record.
As the number of sites where such records are left increases, so does the dan-
ger of misuse. So-called identity theft has become a pervasive problem, and
a general feeling of unease and lack of trust may dissuade people from using
the services on offer.
This, in a nutshell, is one of the major challenges in security engineering to-
day: how to provide services to individuals securely without making undue in-
cursions into their privacy at the same time. Decisions on the limits of privacy
intrusions – or privacy protection, for that matter – are ultimately political
decisions. Research can define the design space in which service providers and
regulators may try to find acceptable tradeoffs between security and privacy.
This book introduces the reader to the current state of privacy-enhancing
technologies. In the main, it is a book about access control. An introduction to
privacy legislation sets the scene for the technical contributions, which show
how access control has evolved to address a variety of requirements that can be
found in today’s information technology (IT) landscape. The book concludes
with an outlook on some of the security and privacy issues that arise in the
context of ambient intelligence.
Given current developments in IT that aim to let users access the services
they desire wherever they happen to be, or provide the means of monitoring
people wherever they happen to be, such a book is timely indeed. It brings
together in one place descriptions of specialized techniques that are beyond
the scope of textbooks on security. For the security practitioner the book
can serve as a general reference for advanced topics in access control and
privacy-enhancing technologies. Last but not least, academics can use it as
the basis for specialized courses on those very topics; the research results
covered in this book will have a real impact only if they are appreciated by a
wider audience. This book plays a valuable part in disseminating knowledge
of these techniques.
Hamburg, October 2006
Dieter Gollmann
Preface
Information and communication technologies are advancing fast. Processing
speed is still increasing at a high rate, followed by advances in digital storage
technology, which double storage capacity every year. In contrast, the size of
computers and storage has been decreasing rapidly. Furthermore, communi-
cation technologies do not lag behind. The Internet has been widely used, as
well as wireless technologies. With a few mouse clicks, people can communi-
cate with each other around the world. All these advances have great potential
to change the way people live, introducing new concepts like ubiquitous com-
puting and ambient intelligence.
The vision of ubiquitous computing and ambient intelligence describes a
world of technology which is present everywhere in the form of smart and
sensible computing devices that are able to communicate with one another.
The technology is nonintrusive, transparent and hidden in the background. In
the ambient intelligence vision, the devices collect, process and share all kinds
of information, including user behavior, in order to act in an intelligent and
adaptive way.
Although cryptography and security techniques have been around for quite
some time, emerging technologies such as the ones described above place new re-
quirements on security with respect to data management. As data is accessible
anytime and anywhere, according to these new concepts, it becomes much easier
to get unauthorized data access. Furthermore, it becomes simpler to collect,
store, and search personal information and endanger people’s privacy.
In the context of these trends this book provides a comprehensive guide to
data management technologies with respect to security, privacy, and trust. It
addresses the fundamental concepts and techniques in this field, but also de-
votes attention to advanced technologies, providing a well-balanced overview
between basic and cutting-edge technologies. The book brings together issues
on security, privacy, and trust, discusses their influences and dependencies. It
starts by taking a step back to regain some perspective on the privacy and
security issues of the modern digital world. To achieve this, the book not only
lists and discusses privacy and security issues, but gives the ethical and
legislative background in the context of data storage and processing technologies,
as well as technologies that support and implement fair information practices
in order to prevent security and privacy violations.
The main goal of the book is, however, to clarify the state of the art
and the potential of security, privacy and trust technologies. Therefore, the
main part of the book is devoted to secure data management, trust man-
agement and privacy-enhancing technologies. In addition, the book aims at
providing a comprehensive overview of digital asset protection techniques. The
requirements for secure distribution of digital assets are discussed from both
the content owner and consumer perspective. After that, the book gives an
overview of technologies and standards that provide secure distribution and
usage of information, namely digital rights management, copy protection, and
watermarking.
Finally, as a viable route towards ambient intelligence and ubiquitous com-
puting can only be achieved if security and confidentiality issues are properly
dealt with, the book reviews these newly introduced issues as well as techno-
logical solutions to them.
Intended Audience

This book is directed towards several reader categories. First of all, it is in-
tended for those interested in an in-depth overview of information security,
privacy and trust technologies. We expect that practitioners will find this
book a valuable reference when dealing with these technologies. System archi-
tects will find in it an overview of security and privacy issues, which will help
them to build systems taking into account security and privacy requirements
from the very beginning. System and software developers/engineers will find
the theoretical grounds for the design and implementation of security proto-
cols and privacy-enhancing technologies. In addition, the book includes more
advanced security and privacy topics including the ones that arise with the
concepts of ambient intelligence. As the book covers a balanced mixture of
fundamental and advanced topics in security and privacy, it will be of interest
to researchers, either those beginning research in this field or those already
involved. Last but not least, we have made a considerable effort to make this
book appropriate as a course book, primarily for undergraduate, but also for
postgraduate students.
Acknowledgements
We would like to acknowledge all the people who have helped us in the com-
pletion of this book. It is a result of a concentrated and coordinated effort of
45 eminent authors who presented their knowledge and the ideas in the area
of information security, privacy, and trust. Therefore, first of all, we would like
to thank them for their work. Without them, this comprehensive overview of
security, privacy and trust technologies in modern data management would
have never seen the light of day. Next, we would like to mention Stefano Ceri
and Mike Carey. Their comments were helpful in making this a better book.
Ralf Gerstner from Springer was very supportive during the editing process.
Finally, special thanks also go to all the reviewers of the book, namely, Klaus
Kursawe, Jorge Guajardo, Jordan Chong, and Anna Zych.
Eindhoven, October 2006
Milan Petković
Willem Jonker
Contents
Part I Introduction
1 Privacy and Security Issues in a Digital World
Milan Petković, Willem Jonker 3
2 Privacy in the Law
Jeroen Terstegge 11
3 Ethical Aspects of Information Security and Privacy
Philip Brey 21
Part II Data and System Security
4 Authorization and Access Control
Sabrina De Capitani di Vimercati, Sara Foresti, Pierangela Samarati 39
5 Role-Based Access Control
Sylvia L. Osborn 55
6 XML Security
Claudio A. Ardagna, Ernesto Damiani, Sabrina De Capitani di
Vimercati, Pierangela Samarati 71
7 Database Security
Elisa Bertino, Ji-Won Byun, Ashish Kamra 87
8 Trust Management
Claudio A. Ardagna, Ernesto Damiani, Sabrina De Capitani di
Vimercati, Sara Foresti, Pierangela Samarati 103
9 Trusted Platforms
Klaus Kursawe 119
10 Strong Authentication with Physical Unclonable Functions
Pim Tuyls, Boris Škorić 133
Part III Privacy Enhancing

11 Privacy-Preserving Data Mining
Ljiljana Branković, Zahidul Islam, Helen Giggins 151
12 Statistical Database Security
Ljiljana Branković, Helen Giggins 167
13 Different Search Strategies on Encrypted Data Compared
Richard Brinkman 183
14 Client-Server Trade-Offs in Secure Computation
Berry Schoenmakers, Pim Tuyls 197
15 Federated Identity Management
Jan Camenisch, Birgit Pfitzmann 213
16 Accountable Anonymous Communication
Claudia Diaz, Bart Preneel 239
Part IV Digital Asset Protection
17 An Introduction to Digital Rights Management Systems
Willem Jonker 257
18 Copy Protection Systems
Joop Talstra 267
19 Forensic Watermarking in Digital Rights Management
Michiel vd Veen, Aweke Lemma, Mehmet Celik, Stefan Katzenbeisser 287
20 Person-Based and Domain-Based Digital Rights
Management
Paul Koster 303
21 Digital Rights Management Interoperability
Frank Kamperman 317
22 DRM for Protecting Personal Content
Hong Li, Milan Petković 333
23 Enhancing Privacy for Digital Rights Management
Milan Petković, Claudine Conrado, Geert-Jan Schrijen, Willem Jonker 347
Part V Selected Topics on Privacy and Security in Ambient Intelligence
24 The Persuasiveness of Ambient Intelligence
Emile Aarts, Panos Markopoulos, Boris de Ruyter 367
25 Privacy Policies
Marnix Dekker, Sandro Etalle, Jerry den Hartog 383
26 Security and Privacy on the Semantic Web
Daniel Olmedilla 399
27 Private Person Authentication in an Ambient World
Pim Tuyls and Tom Kevenaar 417
28 RFID and Privacy
Marc Langheinrich 433
29 Malicious Software in Ubiquitous Computing
Morton Swimmer 451
Index 467
List of Contributors
Emile Aarts
Philips Research
High Tech Campus 34
Eindhoven, 5656AE
The Netherlands

Claudio A. Ardagna
Università degli Studi di Milano
Via Bramante 65
26013 Crema (CR) – Italia

Elisa Bertino
Purdue University
305 N. University Street
West Lafayette

IN 47907-2107, USA

Ljiljana Branković
The University of Newcastle
Callaghan, NSW 2308, Australia
ljiljana.brankovic@newcastle.edu.au
Philip Brey
University of Twente
Postbox 217
7500AE Enschede
The Netherlands

Richard Brinkman
University of Twente
Postbus 217
7500AE Enschede
The Netherlands

Ji-Won Byun
Purdue University
305 N. University Street
West Lafayette
IN 47907-2107, USA

Jan Camenisch
IBM Zurich Research Lab
Säumerstrasse 4
CH-8803 Rüschlikon, Switzerland


Sabrina De Capitani di
Vimercati
Università degli Studi di Milano
Via Bramante 65
26013 Crema (CR) – Italia

Mehmet Celik
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Claudine Conrado
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Ernesto Damiani
Università degli Studi di Milano
Via Bramante 65
26013 Crema (CR) – Italia

Marnix Dekker
TNO ICT
Postbus 5050
2600GB Delft, The Netherlands

Claudia Diaz

K.U.Leuven ESAT-COSIC
Kasteelpark Arenberg 10
B-3001 Leuven-Heverlee, Belgium

Sandro Etalle
University of Twente
Postbus 217
7500AE Enschede
The Netherlands

Sara Foresti
Università degli Studi di Milano
Via Bramante 65
26013 Crema (CR) – Italia

Helen Giggins
The University of Newcastle
Callaghan, NSW 2308, Australia

Jerry den Hartog
University of Twente
Postbus 217
7500AE Enschede
The Netherlands

Md. Zahidul Islam
The University of Newcastle
Callaghan
NSW 2308
Australia


Willem Jonker
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Frank Kamperman
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Ashish Kamra
Purdue University
305 N. University Street
West Lafayette
IN 47907-2107
USA

Stefan Katzenbeisser
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Tom Kevenaar
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven

The Netherlands

Paul Koster
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Klaus Kursawe
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Marc Langheinrich
Institute for Pervasive Computing
ETH Zurich
8092 Zurich, Switzerland

Aweke Lemma
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Hong Li
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven

The Netherlands

Panos Markopoulos
TU Eindhoven
P.O. Box 513
5600 MB Eindhoven
The Netherlands

Daniel Olmedilla
L3S Research Center and
University of Hannover
Expo Plaza 1, 30539
Hannover, Germany

Sylvia L. Osborn
The University of Western Ontario
London, ON, N6A 5B7
Canada

Milan Petković
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Birgit Pfitzmann
IBM Zurich Research Lab
Säumerstrasse 4
CH-8803 Rüschlikon, Switzerland


Bart Preneel
K.U.Leuven ESAT-COSIC
Kasteelpark Arenberg 10
B-3001 Leuven-Heverlee, Belgium

Boris de Ruyter
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Pierangela Samarati
Università degli Studi di Milano
Via Bramante 65
26013 Crema (CR) – Italia

Berry Schoenmakers
TU Eindhoven
P.O. Box 513
5600MB Eindhoven
The Netherlands

Geert-Jan Schrijen
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Morton Swimmer

IBM Zurich Research Lab
Säumerstrasse 4
CH-8803 Rüschlikon, Switzerland

Boris Škorić
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Joop Talstra
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Jeroen Terstegge
Royal Philips
Groenewoudseweg 1
PO Box 218
5600MD Eindhoven
The Netherlands

Pim Tuyls
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands


Michiel van der Veen
Philips Research Europe
HighTech Campus 34
5656AE Eindhoven
The Netherlands

Part I
Introduction
1 Privacy and Security Issues in a Digital World
Milan Petković¹ and Willem Jonker²
¹ Philips Research, The Netherlands
² Twente University & Philips Research, The Netherlands
Summary. This chapter reviews the most important security and privacy issues
of the modern digital world, emphasizing the issues brought by the concept of am-
bient intelligence. Furthermore, the chapter explains the organization of the book,
describing which issues and related technologies are addressed by which chapters of
the book.
1.1 Introduction
This book addresses security, privacy and trust issues in modern data manage-
ment in a world where several aspects of ubiquitous computing and ambient
intelligence visions are emerging. In the sequel, we give a short introduction
to these issues and explain how the book is organized. The book consists of
five parts. Following this introduction, the first part of the book contains two
chapters on security and privacy legislation and ethics in this digital world.
Chapter 2 focuses on the common issues and developments in privacy law
in relation to technology. This chapter explains the system of privacy pro-
tection in the law and surveys the internationally accepted privacy principles
which form the basis of the law in most jurisdictions. Next to that, the most
important interpretation rules by the courts are given and their applications
to technology are discussed. Finally, the chapter gives an outlook on the future
of the privacy law.
Chapter 3 reviews ethical aspects of information and system security and
privacy. First it focuses on computer security, addressing topics such as the
relation between computer security and national security, and then it concen-
trates on moral aspects of privacy and the impact of information technology
on privacy.
The rest of the book is organized as follows. Part II covers security issues
of modern data management. Privacy is addressed in Part III. Part IV deals
with digital asset protection technologies while Part V provides a selection
of more-specific issues brought about by the concepts of ambient intelligence
and ubiquitous computing. The following sections introduce security, privacy
and content protection issues, explaining in more detail each part of the book.
1.2 Security Issues
As already mentioned, information pervasiveness, along with all its benefits,
brings concerns with respect to security issues. Data is no longer hidden be-
hind the walls of a fortress. It does not reside only on mainframes physically
isolated within an organization where all kind of physical security measures are
taken to defend the data and the system. Systems are increasingly open and
interconnected, which poses new challenges for security technologies. Instead
of being a protection mechanism, as it is today, security will in the future
serve as an enabler for new value-added services. The trends mentioned in
the previous section influence every security mechanism. Therefore, Part II of
this book covers fundamental security technologies and introduces advanced
techniques.
Large and open distributed systems need flexible and scalable access con-
trol mechanisms where user authorization is based on their attributes (e.g.
credentials). Consequently, languages and mechanisms for expressing and ex-
changing policies are indispensable. The basics of access control, including
discretionary and mandatory access policies, administrative policies, as well
as the aforementioned challenges, are described in Chap. 4.
The concept of role-based access control (RBAC) faces similar challenges.
Chapter 5 introduces the basic components of RBAC and gives some guide-
lines with respect to emerging problems of designing role hierarchies in differ-
ent environments.
Extensible markup language (XML) security provides an important op-
portunity to fulfill new requirements posed by the concepts of ubiquitous
computing and ambient intelligence. It allows access privileges to be defined
directly on the structure and content of the document. Chapter 6 describes
the main characteristics of the key XML technologies such as XML signature,
XML encryption, key management specification and policy languages.
The rising trend of openness also affects databases. An organization’s inter-
nal database of yesterday is today already open for access by users outside
the organization. A number of attacks exist that exploit web applications
to inject malicious SQL queries. Databases are facing insider threats as key
individuals (often administrators) control all sensitive information and in-
frastructure. Chapter 7 provides the most relevant concepts of database security,
discusses their usage in prevalent database management systems, such as Or-
acle, DB2, and MySQL, and covers a number of challenges including the ones
mentioned above.
As already mentioned, advanced security technologies should enable new
services in the open environment of the future. Trust management is an im-
portant mechanism closely related to security that supports interoperation,
exactly in this open environment. Therefore, trust management systems are
becoming increasingly important and getting more and more attention. In Chap. 8,
state-of-the-art systems are described, as well as several research directions,
such as trust negotiation strategies and reputation-based systems.
Consequently, the issue of trusting a computing platform to perform a task
as expected is rising. Here, the new initiative on trusted computing plays an
important role. It is expected that it will allow computer platforms to offer an
increased level of security, making computers safer, less prone to viruses and
malware and therefore more reliable. Trusted platform modules as well as the
consequences for authentication, secure boot, protected execution, secure I/O
and other related technologies are described in Chap. 9.
To further elaborate on the physical aspects of a trusted computing plat-
form, this part of the book is completed with Chap. 10 on physical unclonable
functions (PUFs). A PUF is a hardware system that realizes a function that
is difficult to model and reproduce. This chapter describes their role in the se-
curity of modern data management systems and elaborates on the two main
applications of PUFs, namely an unclonable and cost-effective way of storing
cryptographic key material, and strong authentication of objects.
1.3 Privacy Issues
A number of privacy issues also arise with the proliferation of digital tech-
nologies. Personalized services, such as reward programs (supermarket cards,
frequent flyer/buyer cards, etc.) require collection, (uncontrolled) processing,
and often even distribution of personal data and sensitive information. With
ubiquitous connectivity, people are increasingly using electronic technologies
in business-to-consumer and business-to-business settings. Examples are fi-
nancial transactions, credit card payments, business transactions, email, doc-
ument exchange, and even management of personal health records. Further-
more, new technologies are being used for the purpose of monitoring and
recording behaviors of individuals who may not even be aware of it. This data
typically includes personal information and is essentially privacy sensitive.
The flow of this information will almost certainly get out of the individuals’
control, thus creating serious privacy concerns. Therefore, there is an obvious
need for technologies that support these new services but ensure people’s pri-
vacy. Part III of this book addresses these concerns and provides an overview
of the most important privacy-enhancing technologies.
Thanks to the same trends described above, data mining technologies are
becoming increasingly used. Organizations are creating large databases that
record information about their customers. This information is analyzed to
extract valuable nonobvious information for their businesses. However, these
techniques are particularly vulnerable to misuse and revealing of individual
data records. Chapter 11 deals with privacy-preserving data mining technolo-
gies that have been developed for this problem. It presents multiparty com-
putation and data modification as the two main techniques currently used.
Chapter 12 continues on a similar topic, which is the protection of privacy-
sensitive data used for statistical purposes. It presents the model and concepts
of a statistical database and surveys two important techniques for privacy
preservation: restriction and noise addition.
With increased connectivity data confidentiality becomes increasingly im-
portant. Although cryptographic techniques, which consequently gain more
attention, solve basic problems, they also introduce new ones such as search-
ing encrypted data. The basic problem is that it is difficult to search in an
outsourced database in which the data is encrypted. Chapter 13 reviews and
compares several search methods that support searching functionality without
any loss of data confidentiality.
Chapter 14 extends on previous chapters and addresses a specific prob-
lem in multiparty computation of a server and a resource-limited client. It
introduces a framework of secure computation based on threshold homomor-
phic cryptography and the necessary protocols needed for this specific setting.
Then, the chapter describes two applications of this framework for private bio-
metrics and secure electronic elections.
As already mentioned, people nowadays are involved in an increasing num-
ber of electronic transactions with a number of parties. These transactions
usually include authentication and attribute exchange. To secure them and
protect his privacy the user has to maintain a number of user names/passwords
with these organizations. This is exactly the problem addressed by federated
identity management technologies. Chapter 15 introduces two approaches to
solve the aforementioned problems: browser-based federated identity manage-
ment and private credentials.
The privacy-enhancing technologies presented in this part of the book
often require anonymous communication channels and appropriate protocols.
Furthermore, an important requirement in many systems is accountability,
which is often conflicting with anonymity. Chapter 16 introduces the concept
of controlled anonymous communications, presents the main building blocks
of an anonymity infrastructure and shows how they can be used to build a
large-scale accountable anonymity system.
1.4 Digital Asset Protection Issues
Digital content distribution is one of the fastest emerging activities nowadays.
The trend towards digital content distribution gives great opportunities for
commercial content providers and consumers, but also poses some threats, as
digital content can be very easily illegally copied and distributed. Therefore,
commercial content providers need technologies accompanied by legislation
which can prevent illegal use of digital content. Digital rights management
(DRM) is a collection of technologies that provides content protection by en-
forcing the use of digital content according to granted rights. It enables content
providers to protect their copyrights and maintain control over distribution of
and access to content. Part IV of this book is devoted to these digital rights
management technologies.
Chapter 17 gives an introduction to digital rights management. This chap-
ter reviews the early approaches and explains the basic concepts of DRM using
the Open Mobile Alliance DRM system as an example.
The fight against piracy started however with copy protection systems.
The early methods dealt with audio and video tapes while copy protection
is now an integral part of the distribution of all forms of digital content and
software on mainly optical media. A historical overview of copy protection
techniques is given in Chap. 18, which also describes popular copy protection
techniques.
Chapter 19 elaborates on digital watermarking, which allows the addition
of hidden verification messages (e.g. copyright) to digital data such as au-
dio/video signals. As opposed to encryption-based DRM systems, watermarking-
based systems leave the content in the clear, but insert information that allows
usage control or usage tracking. This chapter describes the basic principles of
digital watermarking and discusses its application to forensic tracking.
DRM systems are often accused of being against the consumers. In fact,
initially, they are built to protect the interest of content owners. Chapter 20
looks at DRM systems from the consumer perspective and introduces two ba-
sic concepts relevant for them: authorized domains and person-based DRM.
Finally it devotes special attention to the combination of the two, its archi-
tecture, user, license, and domain management.
Another big issue in DRM is interoperability. To achieve wide adoption
of DRM technology, simple and seamless user experience is indispensable.
Finally the dream of many people is that digital content will be available
to anyone, anytime, anywhere, on any device. Therefore, DRM technology
providers must find ways to make their products interoperable. This topic is
addressed in Chap. 21. The chapter defines the interoperability problem and
discusses it on three different layers: protected content, licenses, and trust
and key management. Then, it describes state-of-the-art solutions to these
problems on the level of platform and interfaces. Furthermore, business and
user aspects in relation to DRM interoperability are discussed.
In parallel to the introduction of commercial multimedia download ser-
vices, there is also a clear increase in the production of digital information such
as digital photos and home videos by consumers. As a consequence, consumers
have to deal with an ever-growing amount of personal digital data, along-
side downloaded commercial content. Some of this personal content might
be highly confidential and in need of protection. Consequently, the consumer
wants to share it in a controlled way so that he can control the use of his con-
tent by persons with whom he shares it. Such a DRM system for controlled
sharing of personal content is presented in Chap. 22. The chapter starts with
scenarios and requirements and continues with the introduction of the DRM
approach and the system architecture. Finally, the chapter presents practical
solutions for protecting and sharing personal content as well as for ownership
management and multiple-user issues.
Chapter 23 addresses privacy issues in DRM systems. The main challenge is how to allow a user to interact with the system in an anonymous/pseudonymous way, while preserving all the security requirements of usual DRM systems. To achieve this goal, a set of protocols and methods for managing user identities and interactions with the system during the process of acquiring and consuming digital content is presented. Furthermore, a method that supports anonymous transfer of licenses is discussed. It allows a user to transfer a piece of content to another user without the content provider being able to link the two users.
1.5 Privacy and Security in an Ambient World
The vision of ambient intelligence (AmI) assumes that technology is present everywhere in the form of smart computing devices that respond and adapt to the presence of people. The devices communicate with each other, and are nonintrusive, transparent, and invisible. Moreover, as communication is expected to happen anytime, anywhere, most of the connections are made in a wireless and often ad hoc manner.
The concepts of ambient intelligence and ubiquitous computing that will have a major influence on security and privacy are:
• Ubiquity: smart digital devices will be everywhere and part of the living environment of people. They will be available, for instance, when driving a car or waiting for the train to arrive.
• Sensing: as already mentioned, the environment will be equipped with a large number of sensors. The sensors will gather information about general things like room temperature, but can also register who enters a room, analyze the movement of a person and even sense his/her emotional condition.
• Invisibility: the devices and sensors will not only be everywhere, but will also largely disappear from sight. People will not even be aware that sensors are monitoring them. Moreover, there is a big fear that control over personal information will get out of the hands of users.
• Memory amplification: the information gathered by the sensors will be stored and used for later behavior prediction, improving support of the ambient environment. No matter how sensitive the information is, there is a large chance that it will be stored and used for different purposes.
• Connectivity: smart sensors and devices will not only be everywhere but they will also be connected to each other. Connectivity also implies no control over dissemination of information. Once information has been collected it can end up anywhere.
• Personalization: in addition to connectivity, a chief concept of ambient intelligence is that of personalization. Personalization implies that information about the user must be collected and analyzed by the environment in order for adaptation to that user to happen. The environment will keep track of specific habits and preferences of a person. However, the concept of personalization is, in principle, contradictory to the privacy concepts of anonymity and pseudonymity.
As mentioned above, future ambient environments will integrate a huge number of sensors (cameras, microphones, biometric detectors, and all kinds of other sensors), which means that the ambient environment will be capable of capturing some of the user's biometrics (face, speech, fingerprints, etc.). Consequently, the ambient environment will be able to cross-reference the user's profile, activities, location and behavior with his photo, for example. Furthermore, the concept of omnipresent connectivity may make it possible for biometric data to be cross-referenced with public databases, which would result in the disclosure of the user's identity.
It is obvious that the security and privacy issues brought by the future ambient world go beyond the threats people are used to nowadays. On the other hand, people are increasingly aware of and concerned about their privacy and security. Therefore, it is very important to investigate how the level of privacy and security that people currently have can be maintained after the introduction of these new concepts. Furthermore, it is important to develop methods that will build trust in these new concepts.
Part V of this book addresses specific privacy and security topics of the ambient world. It starts with an introduction to ambient intelligence in Chap. 24. This chapter briefly revisits the foundations of ambient intelligence. Then, it introduces the notions of compliance and ambient journaling to develop an understanding of the concept of ambient persuasion. Finally, the ethics of ambient intelligence is also addressed.
The following chapters address the privacy concerns mentioned above, beginning with privacy policies. Chapter 25 deals with the different stages in the lifecycle of personal data processing: the collection stage, the internal processing stage and the external processing stage, which is typical for ambient intelligence scenarios. It reviews technologies that cover each of these stages: the platform for privacy preferences (P3P) for the collection stage, the platform for enterprise privacy practices (E-P3P) for the internal processing stage and audit logic for the external processing stage.
The semantic Web goes one step beyond the above-mentioned exchange of information. It envisions a distributed environment in which information is machine-understandable and semantically self-describing. This in turn requires semantically enriched processes to automate access to sensitive information. Chapter 26 builds on the previous chapter, describing the exchange and interaction of privacy policies on the semantic Web as well as the role of ontologies in conflict detection and validation of policies.
As already mentioned, in the future world of ambient intelligence it is expected that a user will be required to perform identification regularly, whenever he changes environment (e.g., in a shop, public transportation, library, hospital). Biometric authentication may be used to make this process more transparent and user friendly. Consequently, the reference information (the user's biometrics) must be stored everywhere. However, this information concerns unique characteristics of human beings and is therefore highly privacy sensitive. Furthermore, widespread use of this information drastically increases the chances of identity theft, while the quantity of this information is limited (people only have two eyes). In Chap. 27, a novel technology, called biometric template protection, that protects the biometric information stored in biometric systems is introduced.
Radio-frequency identification (RFID) is an automatic identification method that is expected to be used prevalently in the future concepts of ambient intelligence and ubiquitous computing. The number of potential applications is large. However, with its first deployments, public fears about its security and privacy exploded. Chapter 28 is devoted to the privacy of RFID tags. It introduces RFID technology and provides an overview of RFID privacy challenges as well as an overview of proposed technical RFID privacy solutions. Furthermore, it considers the problem taking applications and policy into account, in order to evaluate the feasibility of the proposed solutions.
Last but not least, in Chap. 29, the book devotes attention to malicious software and its evolution in the context of ubiquitous computing and ambient intelligence. This chapter takes the reader from current malicious software and defense methods to a projection of the problems of future systems, taking into account the aforementioned aspects of ambient intelligence.