Kai Rannenberg's research while affiliated with Goethe-Universität Frankfurt am Main and other places

Publications (110)

Chapter
Enabling cybersecurity and protecting personal data are crucial challenges in the development and provision of digital service chains. Data and information are the key ingredients in the creation process of new digital services and products. While legal and technical problems are frequently discussed in academia, ethical issues of digital service c...
Article
This paper provides the survey materials used to collect the data for the conceptual replication of the Internet Users' Information Privacy Concerns (IUIPC) model by Malhotra et al. (2004). The replication paper (Pape et al., 2020) used awareness, collection and control as constructs for the second order construct of IUIPC, as well as risk and trus...
Article
To expand the understanding of privacy concerns in the digital sphere, this paper makes use of the Internet Users' Information Privacy Concerns (IUIPC) model by Malhotra et al. (2004). The lack of empirical studies conducted in East-Asian societies makes it difficult, if not impossible, to shed light on multi-cultural differences in information pri...
Conference Paper
Full-text available
Today’s environment of data-driven business models relies heavily on collecting as much personal data as possible. Besides being protected by governmental regulation, internet users can also try to protect their privacy on an individual basis. One of the most famous ways to accomplish this, is to use privacy-enhancing technologies (PETs). However,...
Conference Paper
Smartphone apps have the power to monitor most of peo-ple's private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people's activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-fr...
Chapter
Protecting enterprise’s confidential data and infrastructure against adversaries and unauthorized accesses has been always challenging. This gets even more critical when it comes to smartphones due to their mobile nature which enables them to have access to a wide range of sensitive information that can be misused. The crucial questions here are: H...
Article
Full-text available
The concept of cloud computing relies on central large datacentres with huge amounts of computational power. The rapidly growing Internet of Things with its vast amount of data showed that this architecture produces costly, inefficient and in some cases infeasible communication. Thus, fog computing, a new architecture with distributed computational...
Conference Paper
In the last decade, there has been more and more focus on the topic of information privacy, especially considering the ever increasing digital transformations that both businesses and the society are experiencing. As a right of individuals to "control when, how and to what extent information about them is communicated to others" [29], privacy has b...
Article
Popular smartphone apps may receive several thousands of user reviews containing statements about apps’ functionality, interface, user-friendliness, etc. They sometimes also comprise privacy relevant information that can be extremely helpful for app developers to better understand why users complain about certain privacy aspects of their apps. Howe...
Conference Paper
Full-text available
Augmented reality (AR) gained much public attention since the success of Poke ́mon Go in 2016. Technology companies like Apple or Google are currently focusing primarily on mobile AR (MAR) technologies, i.e. applications on mobile devices, like smartphones or tablets. Associated privacy issues have to be investigated early to foster market adoption...
Conference Paper
Full-text available
A web-based platform was developed to support the inter-organisational collaboration between small and medium-sized energy providers. Since critical infrastructures are subject to new security regulations in Germany, the platform particularly serves for the exchange of experience and for mutual support in information security. The focus of this wor...
Chapter
At the IFIP Summer School 2017, the two H2020 projects credential and prismacloud co-organized a workshop dedicated to introducing the necessary background knowledge and demonstrating prototypes of privacy-preserving solutions for storing, sharing, and processing potentially sensitive data in untrusted cloud environments. This paper summarizes the...
Conference Paper
Full-text available
Wir untersuchen in diesem Artikel mögliche Anreize für Firmen Privacy-Enhancing Technologies (PETs) zu implementieren, und damit das Privatsphäre- und Datenschutzniveau von Endkonsumenten zu erhöhen. Ein Großteil aktueller Forschung zu Privatsphäre- und Datenschutz (im Weiteren Privacy) wird aktuell aus Nutzersicht, und nicht aus der Unternehmenspe...
Conference Paper
Full-text available
In this paper we apply privacy by design in e-commerce. We outline the requirements of a privacy-aware online shopping platform that satisfies the principle of data minimization and we suggest several architectures for building such a platform. We then compare them according to four dimensions: privacy threats, transparency, usability and compatibi...
Technical Report
Full-text available
The AN.ON-Next project aims to integrate privacy-enhancing technologies into the internet's infrastructure and establish them in the consumer mass market. The technologies in focus include a basis protection at internet service provider level, an improved overlay network-based protection and a concept for privacy protection in the emerging 5G mobil...
Article
Full-text available
As part of the research project "Secure information networks of small- and medium-sized energy providers" (SIDATE), a survey about the IT security status of German energy providers was conducted. The project itself is focused on the IT security of small- and medium-sized energy providers. In August 2016, 881 companies listed by the Federal Network...
Technical Report
Full-text available
As part of the research project "Secure information networks of small- and medium-sized energy providers" (SIDATE), a survey about the IT security status of German energy providers was conducted. The project itself is focused on the IT security of small- and medium-sized energy providers. In August 2016, 881 companies listed by the Federal Network...
Conference Paper
In this paper, we introduce an approach that aims at increasing individuals’ privacy awareness. We perform a privacy risk assessment of the smartphone applications (apps) installed on a user’s device. We implemented an app behaviour monitoring tool that collects information about access to sensitive resources by each installed app. We then calculat...
Conference Paper
Full-text available
Every year, e-service providers report losses of billions of dollars due to fraud. Despite their huge efforts in implementing sophisticated fraud detection systems on top of their e-services, fraud effects seem to be rather increasing than decreasing. As a result, fraud risk assessment has been introduced as a fundamental part of e-service provider...
Conference Paper
Full-text available
Telecom providers are losing tremendous amounts of money due to fraud risks posed to Telecom services and products. Currently, they are mainly focusing on fraud detection approaches to reduce the impact of fraud risks against their services. However, fraud prevention approaches should also be investigated in order to further reduce fraud risks and...
Conference Paper
Full-text available
Due to new regulations in Germany energy providers are required to obtain IT security certificates. Especially small and medium-sized energy providers struggle to fulfill these new requirements. Since most of them are in the same situation, we are dealing with the question on how to support their collaboration using a web-based platform. We elicite...
Article
Since the ruling of the European Court of Justice, the right to be forgotten has provided more informational self-determination to users, whilst raising new questions around Google’s role as arbiter of online content and the power to rewrite history. We investigated the debate that unfolded on Twitter around the #righttobeforgotten through social n...
Chapter
Full-text available
Cars have for a long time been a symbol for the freedom and autonomy of their users. Now autonomous driving raises the question how the data flows related to autonomous driving influence the privacy of these cars’ users. Therefore this chapter discusses five guiding questions on autonomous driving, data flows, and the privacy impact of vehicles int...
Conference Paper
Privacy and its protection is an important part of the culture in the USA and Europe. Literature in this field lacks empirical data from Japan. Thus, it is difficult– especially for foreign researchers – to understand the situation in Japan. To get a deeper understanding we examined the perception of a topic that is closely related to privacy: the...
Conference Paper
Full-text available
Although in the last years there has been a growing amount of research in the field of privacy-enhancing technologies (PETs), they are not yet widely adopted in practice. In this paper we discuss the socioeconomical aspects of how users and service providers make decisions about adopting PETs. The analysis is based on our experiences from the deplo...
Research
Full-text available
Along with the convenience that came with the penetration of electronic transactions and services into our everyday life, new security and privacy threats have been emerging. The necessity of employing privacy-preserving technologies in order to avoid online surveillance is getting more and more attention. In this regard, the EU project ABC4Trust 2...
Poster
Full-text available
Eine sicher funktionierende Energieinfrastruktur ist für fast alle Lebensbereiche unserer heutigen Gesellschaft grundlegend. Damit die Energieversorgung im Rahmen der Energiewende auch nachhaltig sichergestellt werden kann, wird auch im Energiesektor immer mehr Informations- und Kommunikationstechnik (IKT) eingesetzt. Gleichzeitig erhöht sich dadur...
Conference Paper
Full-text available
Eine sicher funktionierende Energieinfrastruktur ist für fast alle Lebensbereiche unserer heutigen Gesellschaft grundlegend. Damit die Energieversorgung im Rahmen der Energiewende auch nachhaltig sichergestellt werden kann, wird auch im Energiesektor immer mehr Informations-und Kommunikationstechnik (IKT) eingesetzt. Gleichzeitig erhöht sich dadurc...
Chapter
In this chapter, a glance into the future is taken. In 2014, the European Regulation on Electronic Identification and Trust Services came into force. This will have influence on future usage of Privacy-ABCs (Section 11.1). Support for the adoption and distribution of Privacy-ABCs that help users’ privacy could be provided by various stakeholders as...
Chapter
One of the main objectives of the ABC4Trust project was to define a common, unified architecture for Privacy-ABC systems to allow comparing their respective features and combining them into common platforms. The chapter presents an overview of features and concepts of Privacy-ABCs and introduces the architecture proposed by ABC4Trust, describing th...
Chapter
ABC4Trust advances trustworthy yet privacy-protecting ways of identity management. Therefore this chapter starts with an introduction to identity management and its privacy issues. Then it gives a first overview on Privacy-ABCs for privacy enhanced identity management and introduces the ABC4Trust Project goals and pilots.
Conference Paper
Security of the Identity Management system or privacy of the users? Why not both? Privacy-preserving Attribute-based Credentials (Privacy-ABCs) can cope with this dilemma and offer a basis for privacy-respecting Identity Management systems. This paper explains the distinct features of Privacy-ABCs as implemented in the EU-sponsored ABC4Trust projec...
Article
Modern smartphone platforms offer a multitude of useful features to their users but at the same time they are highly privacy affecting. However, smartphone platforms are not effective in properly communicating privacy risks to their users. Furthermore, common privacy risk communication approaches in smartphone app ecosystems do not consider the act...
Book
The need for information privacy and security continues to grow and gets increasingly recognized. In this regard, Privacy-preserving Attribute-based Credentials (Privacy-ABCs) are elegant techniques to provide secure yet privacy-respecting access control. This book addresses the federation and interchangeability of Privacy-ABC technologies. It defi...
Chapter
Full-text available
Autos sind seit jeher ein Symbol für die Freiheit und Unabhängigkeit ihrer Benutzerinnen und Benutzer, seien es Fahrer oder Mitfahrer. Fahrer können frei entscheiden, wohin sie fahren, welche Strecke sie wählen und meistens auch, wie schnell sie reisen wollen (oder zumindest, wie oft sie eine Pause machen), ohne jemanden über ihre Entscheidungen in...
Chapter
ABC4Trust was able to progress the vision of privacy-friendly identity management being widely used and protecting privacy in a digital world several steps further. However there are still challenges open. In this chapter we outline some of them.
Conference Paper
Full-text available
User control for information privacy and informed decision-making are two societal values worth supporting. Nevertheless, there is a growing uncertainty in users' decision-making regarding their ability to have control over their privacy. Even when being provided with control mechanisms, very often users cannot make effective use of them. We argue...
Conference Paper
— Privacy Preserving Attribute-based Credentials (Privacy-ABCs) are elegant techniques to offer strong authentication and a high level of security to the service providers, while users’ privacy is preserved. Users can obtain certified attributes in the form of Privacy-ABCs, and later derive unlinkable tokens that only reveal the necessary subset of...
Conference Paper
In this work, we present the first statistical results on users’ understanding, usage and acceptance of a privacy-enhancing technology (PET) that is called “attribute-based credentials”, or Privacy-ABCs. We identify some shortcomings of the previous technology acceptance models when they are applied to PETs. Especially the fact that privacy-enhanci...
Conference Paper
Technologies based on attribute-based credentials (Privacy- ABC) enable identity management systems that require minimal disclosure of personal information and provide unlinkability of user’s transactions. However, underlying characteristics of and differences between Privacy-ABC technologies are currently not well understood. In this paper, we pre...
Conference Paper
Full-text available
Modern smartphone platforms are highly privacy-affecting but not effective in properly communicating their privacy impacts to its users. Particularly, actual data-access behavior of apps is not considered in current privacy risk communication approaches. We argue that factors such as frequency of access to sensitive information is significantly aff...
Conference Paper
Privacy-preserving Attribute-based Credentials (Privacy-ABCs) are powerful techniques to provide secure privacy-respecting access control and cope with minimal disclosure of attributes as well as partial identities. The ABC4Trust EU Project has designed a generic architecture model that abstracts away the cryptographic details of Privacy-ABC techno...
Conference Paper
In 2004 the series of annual Secure Data Management workshops as part of VLDB began, so SDM can now celebrate its 10th edition. It is less clear, when research in the area of security began; even for ICT security this is unclear. One could claim, that security research started thousands of years ago, when the original Trojan Horse was designed. Whi...
Article
Full-text available
Unsere Gesellschaft hängt in umfassendem Maße vom zuverlässigen Funktionieren technischer Systeme und vom jederzeit möglichen Zugriff auf authentische und korrekte Informationen ab. Innerhalb dieser technischen Systeme spielen informationsspeichernde bzw. -verarbeitende Systeme eine immer größere Rolle; in einzelnen Branchen tragen sie mittlerweile...
Article
Privacy-preserving Attribute-based Credentials (Privacy- ABCs) are powerful techniques to provide secure privacy-respecting access control and cope with minimal disclosure of attributes as well as partial identities. The ABC4Trust EU Project has designed a generic architecture model that abstracts away the cryptographic details of Privacy-ABC techn...
Conference Paper
Electronic Identity (eID) cards are rapidly emerging in Europe and are gaining user acceptance. As an authentication token, an eID card is a gateway to personal information and as such it is subject to privacy risks. Several European countries have taken extra care to protect their citizens against these risks. A notable example is the German eID c...
Conference Paper
The rapid growth of communication infrastructures and enterprise software solutions has caused electronic services to penetrate into our everyday life. So it is not far from reality that many personal and trust-sensitive transactions happen online. In this regard, one of the biggest challenges to deal with will be proper user authentication and acc...
Article
With the advent of mobile broadband technologies and capable mobile devices, social communities become a ubiquitous environment for people to stay in contact and share information with friends and fellows. This provides new opportunities for communities and their providers (e.g. regarding advertising) but also implies new question regarding the pri...
Article
Telcos face an elementary change in their traditional business model. The reasons for this are manifold: Tougher regulations, new technology (most notably VoIP and open spectrum), matured core business markets (voice and messaging), new market entrants or advancing customer demands and expectations. A potential direction of this change is business...
Article
The Dagstuhl Perspectives Workshop “Online Privacy: Towards Informational Self-Determination on the Internet” (11061) has been held in February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendatio...
Conference Paper
IFIP Technical Committee 11 (TC-11) on Security and Privacy Protection in Information Processing Systems was created in 1983 under the chairship of the late Kristian Beckman of Sweden. Representatives from more than 30 IFIP member societies are members of TC-11 and meet at least once a year at the IFIP/Sec conferences that are held in different mem...
Conference Paper
Online Social Networks form an increasingly important part of people’s lives. As mobile technologies improve accessibility, concerns about privacy and trust are more apparent as advertising becomes a critical component of most social network’s economic model. In this paper we describe the PICOS project’s research into privacy preserving advertising...
Chapter
Location-based services (LBS) determine the location of the user by using one of several technologies for determining position, and then use the location and other information to provide personalized applications and services. However, a user that employs location-based services on a regular basis faces a potential privacy problem, as location data...
Chapter
The following requirements, which have been derived from the previously described application prototype scenarios, constitute features that a privacy-friendly identity management system should support, based on a wide range of application scenarios. However, the requirements should not be read as absolute: some of them might be impractical or even...
Book
At the end of the PrimeLife EU project, a book will contain the main research results. It will address primarily researchers. In addition to fundamental research it will contain description of best practice solutions.
Article
Full-text available
The W3C’s Geolocation API will be able to standardize rapidly the transmission of location information of users on the Web. However, such sensitive information raises serious privacy concerns- especially in the mobile Internet. Our position is that the introduction of this API has to be complemented with additional means in order to prevent privacy...
Conference Paper
As online communities get increasingly mobile, enabling new location based community services, including privacy and trust for their users gets more important. Within the PICOS project we investigated and elaborated innovative concepts to improve the privacy of users within mobile communities based on three exemplary communities.
Conference Paper
Full-text available
Mobility allows social communities to become a ubiquitous part of our daily lives. However, as users in such communities share huge amounts of personal data and contents, new challenges emerge with regard to privacy and trust. In this paper we motivate the necessity of advanced privacy enhancing concepts, especially for mobile communities and outli...
Book
Full-text available
These proceedings contain the papers of IFIP/SEC 2010. It was a special honour and privilege to chair the Program Committee and prepare the proceedings for this conf- ence, which is the 25th in a series of well-established international conferences on security and privacy organized annually by Technical Committee 11 (TC-11) of IFIP. Moreover, in 20...
Chapter
Identity was a multifaceted and challenging topic, when FIDIS started to work on it, and it will be multifaceted and challenging in future. It has relations to aspects, such as societal values (e.g., privacy), societal phenomena (e.g., crime), application areas (e.g., eGovernment and mobile communications), technologies (e.g., High-Tech IDs), and l...
Chapter
While identity management systems for the Internet are debated intensively, identity management in mobile applications has grown silently over the last 17 years. Technologies, such as the still-growing Global System for Mobile Communication (GSM) with its Subscriber Identity Module (SIM) identification infrastructure, are foundations for many new m...
Chapter
The ever increasing digitisation of information has led to an Information Society, in which more and more information is available almost anywhere and anytime. The related digitisation of personal characteristics and personal information is progressively changing our ways of identifying persons and managing our relations with them especially in vir...
Conference Paper
Privacy in computerized environments is perceived very differently depending on the respective point of view. Often “privacy enhancing technologies” — initiated by the user, as a measure of self-defense — are seen as conflicting with business goals such as cost-efficiency, revenue assurance, and options for further business development based on exi...
Conference Paper
Privacy in computerized environments is perceived very differently depending on the respective point of view. Often “privacy enhancing technologies” – initiated by the user, as a measure of self-defense – are seen as conflicting with business goals such as cost-efficiency, revenue assurance, and options for further business development based on exi...