Lothar Fritsch

My publications are regisered in several non-synchronized national databases - therefore my Cristin-record is not showing the full publication list. A more complete overview can be found on DBLP and Google Scholar, while my recent publications with my Swedish affiliation are registered in DIVA.

You can follow me on LinkedIn where I frequently post on the topics of information privacy and cybersecurity.

• Wairimu, Samuel & Fritsch, Lothar (2022). 10.1145/3538969.3544462, ARES 2022: The 17th International Conference on Availability, Reliability and Security. Association for Computing Machinery (ACM). ISSN 978-1-4503-9670-7. doi: 10.1145/3538969.3544462.
• Fritsch, Lothar; Mecaliff, Marie; Opdal, Kathinka W.; Rundgreen, Mathias & Sachse, Toril S. (2022). Towards robustness of keyboard-entered authentication factors with thermal wiping against thermographic attacks. In Roßnagel, Heiko; Schunk, Christian H. & Mödersheim, Sebastian (Ed.), Open Identity Summit 2022, LNI Volume P325. Gesellschaft für Informatik. ISSN 978-3-88579-719-7. p. 15–26. doi: 10.18420/OID2022_01. Show summary

  Welcome to the Open Identity Summit 2022, which has been jointly organized by the Special Interest Groups BIOSIG within the German Computer Science Society (Gesellschaft für Informatik) and the Technical University of Denmark. The international program committee performed a strong review process according to the LNI guidelines with at least three reviews per paper and accepted 50 % of the 16 submitted papers as full scientific papers. Furthermore, the program committee has created a program including selected contributions of strong interest (further conference contributions) for the outlined scope of this conference. We would like to thank all authors for their contributions and the numerous reviewers for their work in the program committee. Copenhagen, 10th of May, 2022

• Naser Jaber, Aws; Fritsch, Lothar & Haugerud, Hårek (2022). Improving Phishing Detection with the Grey Wolf Optimizer , 2022 International Conference on Electronics, Information, and Communication (ICEIC 2022) . IEEE (Institute of Electrical and Electronics Engineers). ISSN 9781665409353. doi: 10.1109/ICEIC54506.2022.9748592.
• Nordin, Anna; Ängeby, Karin & Fritsch, Lothar (2022). Body-Area Sensing in Maternity Care: Evaluation of Commercial Wristbands for Pre-birth Stress Management. In Ur Rehman, Masood & Zoha, Ahmed (Ed.), Body Area Networks. Smart IoT and Big Data for Intelligent Health Management. 16th EAI International Conference, BODYNETS 2021, Virtual Event, October 25-26, 2021, Proceedings. Springer International Publishing. ISSN 978-3-030-95592-2. doi: https%3A/doi.org/10.1007/978-3-030-95593-9_14.
• Alzarqawee, Aws Naser Jaber & Fritsch, Lothar (2021). COVID-19 and Global Increases in Cybersecurity Attacks: Review of Possible Adverse Artificial Intelligence Attacks. In Jiamset, Keerapat; Kamolphiwong, Sinchai; Pongbangpho, Supakorn & Cheawsuwan, Thitirath (Ed.), 25th International Computer Science and Engineering Conference (ICSEC). IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-1-6654-1197-4. p. 434–442. doi: 10.1109/ICSEC53205.2021.9684603.
• Bisztray, Tamas; Gruschka, Nils; Bourlai, Thirimachos & Fritsch, Lothar (2021). Emerging Biometric Modalities and their Use: Loopholes in the Terminology of the GDPR and Resulting Privacy Risks. In Brömme, Arslan; Busch, Christoph; Damer, Naser; Dantcheva, Antitza; Gomez-Barrero, Marta; Raja, Kiran; Rathgeb, Christian; Sequeira, Ana F. & Uhl, Andreas (Ed.), Proceedings of the 20th International Conference of the Biometrics Special Interest Group (BIOSIG2021). Gesellschaft für Informatik. ISSN 978-1-6654-2693-0. p. 81–90.
• Zibuschka, Jan & Fritsch, Lothar (2021). Mapping Identity Management in Data Lakes. In Roßnagel, Heiko; Schunk, Christian & Mödersheim, Sebastian (Ed.), Open Identity Summit 2021 Proceedings. Gesellschaft für Informatik. ISSN 978-3-88579-706-7.
• Fritsch, Lothar & Gruschka, Nils (2021). Extraction and Accumulation of Identity Attributes from the Internet of Things. In Roßnagel, Heiko; Schunk, Christian & Mödersheim, Sebastian (Ed.), Open Identity Summit 2021 Proceedings. Gesellschaft für Informatik. ISSN 978-3-88579-706-7. Full text in Research Archive
• Hatamian, Majid; Wairimu, Samuel; Momen, Nurul & Fritsch, Lothar (2021). A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps. Empirical Software Engineering. ISSN 1382-3256. 26. doi: 10.1007/s10664-020-09934-4.
• Bisztray, Tamas; Gruschka, Nils; Mavroeidis, Vasileios & Fritsch, Lothar (2020). Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics. In Roßnagel, Heiko; Schunck, Christian H.; Mödersheim, Sebastian & Hühnlein, Detlef (Ed.), Open Identity Summit 2020. Gesellschaft für Informatik. ISSN 978-3-88579-699-2. p. 185–192. doi: 10.18420/ois2020_17.
• Momen, Nurul & Fritsch, Lothar (2020). App-generated digital identities extracted through Android permission-based data access - a survey of app privacy, Sicherheit 2020, Sicherheit, Schutz und Zuverlässigkeit, Konferenzband der 10. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI). Springer Berlin/Heidelberg. ISSN 978-3-88579-695-4. p. 15–28. doi: 10.18420/sicherheit2020_01.
• Momen, Nurul; Hatamian, Majid & Fritsch, Lothar (2019). Did App Privacy Improve After the GDPR? IEEE Security and Privacy. ISSN 1540-7993. doi: 10.1109/MSEC.2019.2938445.
• Fritsch, Lothar (2018). How Big Data helps SDN with data protection and privacy. In Taheri, Javid (Eds.), Big Data and Software Defined Networks. The Institution of Engineering and Technology. ISSN 978-1-78561-304-3. p. 339–351.
• Schulz, Trenton & Fritsch, Lothar (2014). Accessibility and Inclusion Requirements for Future e-Identity Solutions. In Miesenberger, Klaus; Fels, Deborah; Archambault, Dominique; Peňáz, Petr & Zagler, Wolfgang (Ed.), Computers Helping People with Special Needs - Proceedings of the 14th International Conference, ICCHP 2014, Paris, France, July 9-11, 2014; Bind 2. Springer Lecture Notes on Computer Science (LNCS) 8648. Springer. ISSN 978-3-319-08598-2. p. 316–323. doi: 10.1007/978-3-319-08596-8_50. Show summary

  The two-volume set LNCS 8547 and 8548 constitutes the refereed proceedings of the 14th International Conference on Computers Helping People with Special Needs, ICCHP 2014, held in Paris, France, in July 2014. The 132 revised full papers and 55 short papers presented were carefully reviewed and selected from 362 submissions. The papers included in the second volume are organized in the following topical sections: tactile graphics and models for blind people and recognition of shapes by touch; mobility support and accessible tourism; smart and assistive environments: ambient assisted living (AAL); text entry for accessible computing; people with motor and mobility disabilities: AT and accessibility; assistive technology: service and practice; ICT-based learning technologies for disabled and non-disabled people; universal learning design: methodology; universal learning design: hearing impaired and deaf people; universal learning design: sign language in education; sign language transcription, recognition and generation; universal learning design: accessibility and AT; differentiation, individualisation and influencing factors in ICT-assisted learning for people with special needs; developing accessible teaching and learning materials within a user centred design framework and using mobile technologies to support individuals with special needs in educational environments. Content Level » Research Keywords » Braille - LaTeX - computer vision - document management and text processing - e-learning - facebook - machine learning algorithms - mobile devices - people with disabilities - publishing - smart phones - social networks - user centred design - user interface design - virtual reality Related subjects » Database Management & Information Retrieval - General Issues - HCI - Information Systems and Applications

• Schulz, Trenton & Fritsch, Lothar (2013). Identifying Trust Strategies in the Internet of Things. In Schulz, Trenton (Eds.), Proceedings of the User-Centered Trust in Interactive Systems Workshop: a Workshop from NordiCHI 2012. Norwegian Computing Center. ISSN 978-82-539-0538-9. p. 19–23.
• Paintsil, Ebenezer & Fritsch, Lothar (2013). Executable Model-Based Risk Analysis Method for Identity Management Systems: Using Hierarchical Colored Petri Nets. In Furnell, Steven; Lambrinoudakis, Costas & Lopez, Javier (Ed.), Trust, Privacy, and Security in Digital Business. Springer. ISSN 978-3-642-40342-2. p. 48–61. doi: 10.1007/978-3-642-40343-9_5.
• Røssvoll, Till Halbach & Fritsch, Lothar (2013). Trustworthy and Inclusive Identity Management for Applications in Social Media. In Kurosu, Masaaki (Eds.), Human-Computer Interaction. Users and Contexts of Use. Springer. ISSN 978-3-642-39264-1. p. 68–77. doi: 10.1007/978-3-642-39265-8_8.
• Røssvoll, Till Halbach & Fritsch, Lothar (2013). Reducing the User Burden of Identity Management: A Prototype Based Case Study for a Social-Media Payment Application. In Miller, Leslie (Eds.), ACHI 2013, The Sixth International Conference on Advances in Computer-Human Interactions. IARIA. ISSN 978-1-61208-250-9. p. 364–370.
• Paintsil, Ebenezer & Fritsch, Lothar (2013). Executable Model-Based Risk Assessment Method for Identity Management Systems. In Fischer-Hübner, Simone; Leeuw, Elisabeth de & Mitchell, Chris (Ed.), Policies and Research in Identity Management. Third IFIP WG 11.6 Working Conference, IDMAN 2013, London, UK, April 8-9, 2013. Proceedings. Springer. ISSN 978-3-642-37282-7. p. 97–99. doi: 10.1007/978-3-642-37282-7_8.
• Zibuschka, Jan & Fritsch, Lothar (2012). A hybrid approach for highly available & secure storage of pseudo-SSO credentials. In Jøsang, Audun & Carlsson, Bengt (Ed.), Secure IT Systems: 17th Nordic Conference, NordSec 2012, Karlskrona, Sweden, October 31 – November 2, 2012. Proceedings. Springer. ISSN 978-3-642-34209-7. p. 169–183. doi: 10.1007/978-3-642-34210-3_12.
• Kohlweiss, Markulf & Fritsch, Lothar (2012). Privatsphäre trotz intelligenter Zähler. digma - Zeitschrift für Datenrecht und Informationssicherheit. ISSN 1424-9944. 12(1), p. 22–26.
• Fritsch, Lothar; Groven, Arne-Kristian & Schulz, Trenton (2012). On the Internet of Things, Trust is Relative. Communications in Computer and Information Science. ISSN 1865-0929. 277, p. 267–273. doi: 10.1007/978-3-642-31479-7_46. Show summary

  End-users on the Internet of Things (IoT) will encounter many different devices and services; they will need to decide whether or not they can trust these devices and services with their information. We identify three items of trust information that end-users will need to determine if they should trust something on the IoT. We create a taxonomy of the likely scenarios end-users will encounter on the IoT and present five trust strategies for obtaining this trust information. Upon applying these strategies to our scenarios, we find that there is no strategy that can work efficiently and effectively in every situations; end-users will need to apply the strategy that best fits their current situation. Offering multiple trust strategies in parallel and having this information transparent to end-users will ensure a sustainable IoT.

• Paintsil, Ebenezer & Fritsch, Lothar (2011). Taxonomy of Privacy and Security Risks Contributing Factors. In Fischer-Hübner, Simone; Duquenoy, Penny; Hansen, Marit; Leenes, Ronald & Zhang, Ge (Ed.), Privacy and Identity Management for Life. 6th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/PrimeLife International Summer School, Helsingborg, Sweden, August 2-6, 2010, Revised Selected Papers. Springer. ISSN 9783642207686. p. 52–63.
• Paintsil, Ebenezer & Fritsch, Lothar (2011). A Taxonomy of Privacy and Security Risks Contributing Factors. IFIP Advances in Information and Communication Technology. ISSN 1868-4238. 352, p. 52–63. doi: 10.1007/978-3-642-20769-3_5.
• Paintsil, Ebenezer & Fritsch, Lothar (2011). Towards Legal Privacy Risk Assessment Automation in Social Media, INFORMATIK 2011 - Informatik schafft Communities. Gesellschaft für Informatik. ISSN 978-3-88579-286-4.
• Fritsch, Lothar (2011). Security and privacy engineering for corporate use of social community platforms, INFORMATIK 2011 - Informatik schafft Communities. Gesellschaft für Informatik. ISSN 978-3-88579-286-4.
• Scherner, Tobias & Fritsch, Lothar (2011). Technology Assurance, Digital Privacy. Springer. ISSN 978-3-642-19049-0. p. 597–608.
• Solheim, Ivar; Dale, Øystein; Fritsch, Lothar; Røssvoll, Till Halbach; Holmqvist, Knut & Tjøstheim, Ingvar (2010). Search and navigation as retrieval strategies in large photo collections. In Doherty, Aiden R.; Gurrin, Cathal; Jones, Gareth J.F. & Smeaton, Alan F. (Ed.), Proceedings of the Information Access for Personal Media Archives Workshop (IAPMA2010). Milton Keynes. ISSN 1872327869.
• Jøsang, Audun; Fritsch, Lothar & Mahler, Tobias (2010). Privacy Policy Referencing. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 6264, p. 129–140. Show summary

  Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity and openness to 3rd party access. Currently, servers are connected to the Internet, where a large amount of personal information is continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though there are rather strict data protection laws in an increasing number of countries, it is in practice rather challenging to ensure an adequate protection for personal data that is communicated on-line. The enforcement of privacy legislation and policies therefore might require a technological basis, which is integrated with adequate amendments to the legal framework. This article describes a new approach called Privacy Policy Referencing, and outlines the technical and the complementary legal framework that needs to be established to support it.

• Fritsch, Lothar; Fuglerud, Kristin Skeide & Solheim, Ivar (2010). Towards Inclusive Identity Management. Identity in the Information Society. ISSN 1876-0678. 3(3), p. 515–538. doi: 10.1007/s12394-010-0075-6. Full text in Research Archive Show summary

  The article argues for a shift of perspective in identity management (IDM) research and development. Accessibility and usability issues affect identity management to such an extent that they demand a reframing and reformulation of basic designs and requirements of modern identity management systems. The rationale for the traditional design of identity management systems and mechanisms has been security concerns as defined in the field of security engineering. By default the highest security level has been recommended and implemented, often without taking end-user needs and accessibility issues into serious consideration. The article provides a conceptual framework for inclusive IDM, a brief overview of the regulatory status of inclusive IDM and a taxonomy of inclusive identity management methods. Several widespread IDM approaches, methods and techniques are analyzed and discussed from the perspective of inclusive design. Several important challenges are identified and some ideas for solutions addressing the challenges are proposed and discussed.

• Jøsang, Audun; Fritsch, Lothar & Mahler, Tobias (2010). Privacy Policy Referencing. In Katsikas, Sokratis K.; Lopez, Javier & Soriano, Miguel (Ed.), TrustBus, Trust, Privacy and Security in Digital Business, 7th International Conference, TrustBus 2010, Bilbao, Spain, August 30-31, 2010. Proceedings, Lecture Notes in Computer Science 6264. Springer. ISSN 978-3-642-15151-4.
• Fritsch, Lothar (2009). Business risks from naive use of RFID in tracking, tracing and logistics. In Wissendheit, U & Hollstein, T (Ed.), RFID SysTech 2009 - ITG Fachbericht 216. VDE Verlag GmbH. ISSN 978-3-8007-3168-8.
• Fritsch, Lothar; Groven, Arne-Kristian & Strand, Lars Kristoffer (2009). A holistic approach to Open-Source VoIP security: Preliminary results from the EUX2010SEC project. In Bestak, Robert; Laurent, George; Zaborovsky, Vladimir S. & Dini, Cosmin (Ed.), Proceedings of the The Eighth International Conference on Networks (ICN) 2009. International Academy, Research and Industry Association (IARIA). ISSN 978-0-7695-3552-4. p. 275–280 .
• Fritsch, Lothar; Groven, Arne-Kristian; Strand, Lars Kristoffer; Leister, Wolfgang & Hagalisletto, Anders Moen (2009). A Holistic Approach to Open Source VoIP Security: Results from the EUX2010SEC Project. International journal on advances in security. ISSN 1942-2636. 2(2&3), p. 129–141.
• Fritsch, Lothar & Abie, Habtamu (2008). Towards a Research Road Map for the Management of Privacy Risks in Information Systems. In Alkassar, Ammar & Siekmann, Jörg (Ed.), Lecture Notes in Informatics. Bonner Köllen Verlag. ISSN 978-3-88579-222-2.
• Fritsch, Lothar (2007). Privacy-Respecting Location-Based Service Infrastructures: A Socio-Technical Approach to Requirements Engineering. Journal of Theoretical and Applied Electronic Commerce Research. ISSN 0718-1876. 2,3.

View all works in Cristin

• de Leeuw, Elisabeth; Fischer-Hübner, Simone & Fritsch, Lothar (2010). Second IFIP WG 11.6 Working Conference, IDMAN 2010. Springer. ISBN 978-3-642-17302-8. 145 p.
• Fritsch, Lothar (2009). Privatsphäre per Design - Privatsphäre respektierende Infrastrukturen für verteilte Mehrparteien-Geschäftsmodelle und Dienste. Lothar Fritsch, Oslo. ISBN 9788249703098. 104 p.
• Fritsch, Lothar (2008). Profiling and Location-Based Services, In: Hildebrandt, Mireille; Gutwirth, Serge (Eds.): Profiling the European Citizen - Cross-Disciplinary Perspectives. Springer.

View all works in Cristin

• Fritsch, Lothar (2021). Perspectives on Source Protection - Privacy risk .
• Tilman, Baumgärtel & Fritsch, Lothar (2021). Interview mit Lothar Fritsch, 18.03.2019. [Internet]. https://vangoghtv.hs-mainz.de/?portfolio=piazza-virtuale-onl. Show summary

  “Piazza virtuale” was a media experiment that took place at documenta IX in 1992. Van Gogh TV, a group of artists and hackers, wanted to transfer the concept of an Italian piazza – a place for casual meetings and conversations – into the media. To do this, they used all the electronic media available at the time to involve the television audience, who could watch the program daily on 3Sat, in what was happening on the screen. Usenet was the most important discussion platform on the Internet in the 1990s. Before the emergence of the World Wide Web, people discussed and exchanged ideas here in thousands of forums organized by topic. The newsgroup’s name, de.soc.kultur, signals what it’s all about: it’s a German-language group (de) in which social issues (soc = society) and, in this case, cultural topics, are discussed. On June 22, 1992, a week after “Piazza virtuale” began broadcasting, Lothar Fritsch, then a computer science student at Saarland University, wrote a detailed review of the program. Almost thirty years later, we interviewed him, who now teaches computer science at Oslo Metropolitan University in Oslo, about his memories of the program.

• Zibuschka, Jan & Fritsch, Lothar (2021). Mapping Identity Management in Data Lakes. Show summary

  Data lakes are an emerging paradigm for large-scale, integrated data processing within organizations. While it has been noted in earlier work that data governance is central for the successful operation of a data lake, and that privacy is a central issue in such a setting as personal information may be processed, the governance of personal information in data lakes has received only cursory attention. We propose tackling this information using identity management functions and perform a systematic gap analysis based on the FIDIS typology of identity management systems.

• Fritsch, Lothar; Tjøstheim, Ingvar & Kitkowska, Agnieszka (2018). I’m Not That Old Yet! The Elderly and Us in HCI and Assistive Technology.
• Tjøstheim, Ingvar & Fritsch, Lothar (2018). Similar Information Privacy Behavior in 60-65s vs. 50-59ers - Findings From A European Survey on The Elderly.
• Fritsch, Lothar (2015). Future identity ecosystems and eID provisioning -The EU project FutureID .
• Fritsch, Lothar (2015). Information privacy: Technology, principles, and challenges .
• Fritsch, Lothar (2014). Management of Privacy Risks in Information Systems. Show summary

  Information Privacy & Privacy Enhancing Technologies (PETs) - What tools for anonymity & privacy are there? Information Privacy from a Management Perspective - How can IT security managers handle privacy? Challenges for Security and Risk Managers - Difficulties in application & open issues.

• Fritsch, Lothar (2014). Big Data - implications for corporate strategy and security. Show summary

  Big Data as strategic asset in corporations requires special attention concerning information security. This lecture presentes the foundations of Big Data and how they relate to information security principles. Security is discussed from both the attacker's and defender's perspective. The persentation finishes with recommendations for information security and privacy in Buig Data applications.

• Fritsch, Lothar (2014). Research innovations for electronic identities: Privacy and Security. Show summary

  Presentation on risks and solutions for privacy and security in electronic identity management. * Short on e-ID * Today's e-ID-ecosystems * Privacy challenges with e-ID * Solutions for e-ID with "privacy by design" * Challenges when using e-ID

• Fritsch, Lothar (2014). E-ID, Sosiale Medier,industristandarder- nytteverdi og risiko. Innføring i populære e-ID-systemer. Show summary

  Innhold: Sosiale Medier E-ID – kort definisjon og egenskaper fra en forsker Globale e-ID systemer Sosiale medier som facebook, Google, og andre OpenID-løsninger Industriallianser Kantara, Fido Alliance, OASIS Muligheter og risiko Spesielt om personvern

• Fritsch, Lothar (2014). The metered self vs. managed healthcare IoT - a reality check. Show summary

  Are managed sensor networkes in healthcare threatened by the quantified self wave? Quantified self – a new concept? Just a new form of shared social media narcissism? A form of identity reassurace in the times of lost traditions? «Dataism» or «Transhumanism» or «datasexuality»? Self-metering equipment is used in ad-hoc ways, often with little (medical) scientific verification of the claimed benefits Those technologies are very appealing to users due to the perceived empowerment (see E.Rogers, Diffusion of Innovations) Self-metering as of today puts all the burden of security and privacy evaluation on the end user. Most systems operate outside the European regualtion frameworks for e-health or data protection Some applications are beneficial to users already Most health apps are used for a few weeks only. This presentation analyzes self-metering and the Internet of Things for e-health from three perspectives: the user's, the health professional's and the privacy researcher's.

• Fritsch, Lothar (2014). Helsedata, e-helse, IKT og personvern - hvor oppstår og lagres det helsedata? Health data, e-health, ICT and privacy - where is health data created, and where is it kept? Show summary

  This presentations presents an analysis of sources of health-related personal data within the health sector, outside the health sector, and on the border lines between quantified self, self-improvement, self-monitoring, social networks, sensors, Internet of Things, and the health sector. 1. E-health: a future with intense data exchange 2. Data within the health sector 3. Data outside the health sector 4. Data on the boder line 5. Measures for better data protection and privacy in e-health

• Grønli, Kristen Straumsheim; Hellman, Riitta; Fuglerud, Kristin Skeide & Fritsch, Lothar (2014). Snart kan passordene bestå av lyder, bilder og mønster - Norske forskere vil gjøre nett-tjenester tilgjengelig for alle. [Internet]. Teknisk Ukeblad. Show summary

  Mekanismene vi bruker til innlogging i dag gjør livet på nett krevende. Mange passord å holde styr på er en daglig utfordring. Folk forenkler gjerne ved å bruke det samme over alt, eller ved å skrive ned. Begge deler går ut over sikkerheten. Problemet vokser i takt med økningen i antall tjenester som krever innlogging med passord. For mennesker med hukommelsesproblemer eller lese- og skrivevansker er det enda verre. For ikke å snakke om for de som sliter med synet. Noen løsninger gjør det helt umulig for personer med funksjonshemminger å logge seg på.

• Grønli, Kristin Straumsheim; Fritsch, Lothar; Hellman, Riitta & Fuglerud, Kristin Skeide (2014). Utestengt fra nettjenester. [Internet]. Forsnkningsrådet.no. Show summary

  Nesten halvparten av alle kundehenvendelser til Altinn handler om trøbbel med innlogging. Hvem skal sørge for at tjenester på nettet blir tilgjengelige for alle?

• Fritsch, Lothar; Grønli, Kristen Straumsheim & Snekkenes, Einar (2014). Identifisering uten hamstring av persondata. [Internet]. Forskningsrådet.no. Show summary

  Mange aktører jakter informasjon om oss på nettet. Vi har få verktøy i vårt forsvar. Hvordan kan datasystemer håndtere elektroniske identiteter og samtidig ivareta personvernet?

• Fritsch, Lothar; Grønli, Christin Straumsheim & Snekkenes, Einar (2014). Vi gir for mye info om oss selv på nett. [Internet]. Forskning.no. Show summary

  Mange aktører jakter informasjon om oss på nettet. Ofte gir vi mer enn de trenger. Forskere finner nå datasystemer som tar vare på personvernet vårt.

• Fritsch, Lothar (2013). The Clean Privacy Ecosystem of the Future Internet. Future Internet. ISSN 1999-5903. 5(1), p. 34–45. doi: 10.3390/fi5010034. Show summary

  This article speculates on the future of privacy and electronic identities on the Internet. Based on a short review of security models and the development of privacy-enhancing technology, privacy and electronic identities will be discussed as parts of a larger context—an ecosystem of personal information and electronic identities. The article argues for an ecosystem view of personal information and electronic identities, as both personal information and identity information are basic required input for many applications. Therefore, for both application owners and users, a functioning ecosystem of personal information and electronic identification is important. For the future of the Internet, high-quality information and controlled circulation of such information is therefore argued as decisive for the value of future Internet applications.

• Schulz, Trenton & Fritsch, Lothar (2012). Identifying Trust Strategies in the Internet of Things.
• Fritsch, Lothar (2012). Scientific Writing and Publishing - An introduction for new PhD students at NR. A course on writing guidlines, publication channels, and program committees as part of your publication strategy. Show summary

  Contents ► PhD learning goals ► A short definition of research in Computer Science ► Scientific Writing ► Publishing Articles

• Roßnagel, Heiko; Camenisch, Jan; Fritsch, Lothar; Houdeau, Detlef; Hühnlein, Detlef & Lehmann, Anja [Show all 8 contributors for this article] (2012). FutureID – Shaping the Future of Electronic Identity. Show summary

  Abstract. The FutureID project builds a comprehensive, flexible, privacy-aware and ubiquitously usable identity management infrastructure for Europe, which integrates existing eID technology and trust infrastructures, emerging federated identity management services and modern credential technologies to provide a user-centric system for the trustworthy and accountable management of identity claims. The FutureID infrastructure will provide great benefits to all stakeholders involved in the eID value chain. Users will benefit from the availability of a ubiquitously usable open source eID client that is capable of running on arbitrary desktop PCs, tablets and modern smart phones. FutureID will allow application and service providers to easily integrate their existing services with the FutureID infrastructure, providing them with the benefits from the strong security offered by eIDs without requiring them to make substantial investments. This will enable service providers to offer this technology to users as an alternative to username/password based systems, providing them with a choice for a more trustworthy, usable and innovative technology. For existing and emerging trust service providers and card issuers FutureID will provide an integrative framework, which eases using their authentication and signature related products across Europe and beyond. To demonstrate the applicability of the developed technologies and the feasibility of the overall approach FutureID will develop two pilot applications and is open for additional application services who want to use the innovative FutureID technology. This paper provides a short overview of the FutureID project. Keywords. Identity Management, eID, Identity Broker, Open Source Client

• Fritsch, Lothar (2012). Trust and Privacy in the Internet of Things in the User’s View - Keynote talk on "Future Trends and Challenges" track.
• Fritsch, Lothar (2012). Undesirable side effects: From NFC to IoT.
• Fritsch, Lothar (2011). Identifisering, Autentisering, Autorisering - Identifisering, Autentisering, Autorisering.
• Fritsch, Lothar (2011). Motbør for mobilbillett - Intervjuet av Bjørn Egil Halvorsen. Ukjent.
• Hagalisletto, Anders Moen & Fritsch, Lothar (2011). Mobilnett-kollapsen: Vi må leve med risikoen (kronikk). Ukjent.
• Fritsch, Lothar (2011). Management of Privacy Risks in Information Systems.
• Fritsch, Lothar (2011). Privacy and Regulatory Requirements.
• Fritsch, Lothar (2011). Sikkerhet og Personvern i Sosiale Medier - Utfordringer i bedriftens IKT-strategi.
• Fritsch, Lothar (2011). Information Security in Social Media - Challenges for Corporate IT strategy.
• Hagalisletto, Anders Moen & Fritsch, Lothar (2011). Mobilnett-kollapsen: Vi må leve med risikoen. Forskning.no. ISSN 1891-635X.
• Fritsch, Lothar (2011). Economics of Cybersecurity - Economic perspectives on Information Security.
• Fritsch, Lothar (2011). Motbør for mobilbillett. [Newspaper]. Aften.
• Fritsch, Lothar (2011). Eliteskrekk. [Newspaper]. Dagens Næringsliv.
• Fritsch, Lothar (2011). Identifisering, Autentisering, Autorisering - forskjeller og implikasjoner i e-ID-anvendelser.
• Skomedal, Åsmund & Fritsch, Lothar (2010). Høringsuttalelse Cybersikkerhet. Ukjent.
• Fritsch, Lothar (2010). Nettverksbygging og tverrfaglighet med EU ”Network of Excellence”.
• Fritsch, Lothar (2010). Location Privacy by Design - Technology & Business Incentives.
• Fritsch, Lothar (2010). Støtte til forsking og innovasjon i næringslivet: Støtteordninger innenfor IKT i Norge og EU.
• Fritsch, Lothar (2010). Technology and Methods for Information Privacy.
• Fritsch, Lothar (2010). PETweb II – Privacy in Identity Management, presentation as part of the \Identity Management throughout life - solutions, trends, side effects\" networking session on Sep. 29, 2010".
• Fritsch, Lothar (2010). Sosiale Medier, e-IDer og Personvern - Innføring i begrepene og tema til e-Me oppstartmøte.
• Fritsch, Lothar (2010). Business Security and Privacy Risk of RFID.
• Fritsch, Lothar (2009). Intervju: GPS-peiling av eldre - utfordringer i sikkerhet og personvern.
• Fritsch, Lothar (2009). Business risks from RFID in tracking, tracing and logistics.
• Fritsch, Lothar (2009). Privacy technology as a key enabler for person-centric Location-based Services.
• Fritsch, Lothar (2009). Security Requirements and Security Modeling for VoIP Systems.
• Fritsch, Lothar (2009). Business security and privacy risk of RFID.
• Fritsch, Lothar (2009). Inclusive Identity Management.
• Tjøstheim, Ingvar & Fritsch, Lothar (2009). Doing surveys where it matters - the GPS-age and privacy. How the MR industry can do surveys where the action is and at the same time deal with location data and privacy.
• Fritsch, Lothar; Holmqvist, Knut & Fretland, Truls (2008). Making Rich Media Accessible for Generations: Trust, Security and Privacy Issues with Personal Media on the Web 2.0.
• Skomedal, Åsmund & Fritsch, Lothar (2008). IT-Governance. IMT4571, part of Master of Science in Information Security program.
• Fritsch, Lothar (2008). Tools and Methods for Information Privacy.
• Fritsch, Lothar (2008). Investing in Privacy Protection with Privacy-Enhancing Technology.
• Fritsch, Lothar; Fuglerud, Kristin Skeide & Solheim, Ivar (2008). 1st IDIS workshop 2008.
• Fritsch, Lothar (2008). Data Retention in Norway: Technical Security Investments, Electronic Evidence, and the PET challenge.
• Fritsch, Lothar (2007). Privacy Principals and some business considerations.
• Fritsch, Lothar; Toresson, Ludwig; Shaker, Maher & Olars, Sebastian (2020). Privacy impact self-assessment app. Karlstads Universitet. Show summary

  The popularity of the Android OS has led to the development of millions of applications. The assumption of the majority of the Android user base is that these applications are trustworthy and that the Android system does enough to protect them from the untrustworthy applications. This assumption is however false as the Android system does allow trustworthy applications to track users in different ways and does nothing to detect and remove untrustworthy applications. This project aims at informing users about which of their installed applications is tracking them and all of the negative effects it can have on a persona that is similar to them. This is done through an application that uses a pre-filled log containing the data collection of different applications to match an application with negative effects on a specific predefined persona.

• Tjøstheim, Ingvar; Leister, Wolfgang; Mork, Heidi Camilla & Fritsch, Lothar (2016). Research Directions for Studying Users’ Privacy Awareness. Norsk Regnesentral. Show summary

  In this document, we present a set of research questions on how to evoke reflection about sharing of personal data and privacy. We look into analytical approaches to understand the phenomenon of people’s privacy behaviour and into synthetical approaches to let the user practise privacy skills to increase awareness using visualisation and simulation technologies in scenarios of relevance to the user. We also review potential risks to security, privacy, anonymity, and other assets and the use of information in social media, for advertisement and commercial activities.

• Fritsch, Lothar & Abie, Habtamu (2013). 2nd PETweb II & ASSET joint PhD Seminar. Norsk Regnesentral. Show summary

  The 2nd joint PhD seminar of the PETweb II and the ASSET projects, which is the 4th PhD seminar in the PETweb II project, presented the ASSET PhD proposals, the near‐final results of the PETweb II PhD students, and will perform education in scientific work for all participants that is not offered by the cooperation academic institution’s PhD courses.

• Schulz, Trenton; Fritsch, Lothar; Schlehahn, Eva; Hansen, Marit & Zwingelberg, Harald (2013). FutureID Deliverable D22.7 Accessibility and Inclusion Requirements. Norsk Regnesentral. Show summary

  This document defines the accessibility and inclusion requirements to be taken into account when developing the different prototypes in the FutureID project. It also serves as a back- ground document in informing project partners about different aspects of accessibility when dealing with ICT. This includes looking at definitions, different types of users, assistive tech- nology, and other existing work in the field. Legal requirements, including storing of personal information for making systems accessible, are also covered. The document includes the accessibility and inclusion requirements for both developing and testing the client.

• Fritsch, Lothar & Snekkenes, Einar (2013). Alternative Approaches to Privacy Risk Assessment: Summary of the PETweb II VERDIKT project sponsored by the Research Council of Norway (2009-2013). Norsk Regnesentral. ISSN 978-82-539-0539-6. 1(1029). Show summary

  The PETweb II project has turned out to be a truly multidisciplinary project. Although the project participants have had most of their training in either law or computer science, some of the most significant results from the project is a consequence of combining ideas from economics, psychology, decision science, journalism and computer science. We believe that this project is an excellent example of how a multidisciplinary perspective can benefit research. From economics, we have imported ideas regarding utility theory. Psychology has contributed with theories of incentives and motivation. Decision science has contributed with multi- attribute utility theory. The concept of framing, belonging to the field of journalism/rhetoric has provided inspiration to explore a new way of framing risk. Computer science has offered inspiration on how the risk management and analysis concepts can be modelled and how the ideas can be implemented as a software tool. Classical risk frame focuses on incident expected impact, i.e. a combination (product) of consequence and likelihood, possibly conditioned on knowledge. PETweb II developed two alternative approaches to risk analysis – the EM-BRAM and the CIRA method. EM-BRAM starts with a model of technical risk sources in identity management technology. From there, it aims at a modelling approach of a given system into an executable model that is used to detect the presence of the risk factors in a concrete system. The risk framing proposed in the CIRA method frames risk as the underlying cause of the incident. In this frame, risk corresponds to misaligned incentives. A preliminary – bleeding edge- alpha version of a CIRA tool was developed right at the end of the project. We intend to explore the possibility of deploying CIRA and associated software tools into the data cloud. It should be kept in mind that CIRA is still in its early days, and much more research need to be completed to enhance and validate the method. However, we have already established a new project to further develop CIRA. In addition, we are planning several new projects to further explore research into a multidisciplinary perspective on risk analysis.

• Paintsil, Ebenezer; Fritsch, Lothar & Snekkenes, Einar (2013). Privacy and Security Risks Analysis of Identity Management Systems. Gjøvik University College. ISSN 978-82-93269-23-6. 1(1-2013). Show summary

  This thesis develops a risk model and model-based risk analysis method for privacy and security risks analysis of identity management systems (IDMSs) in order to reduce cost and provide scientific support for the choice of identity management approaches. In order to analyze a system, we need a clear understanding of the system as well as what can go wrong in it. Risk assessors often rely on system specifications and stakeholders (end-users and system owners) to understand a targeted system. Similarly, system stakeholders may rely on risk assessors to understand the risk analysis process. Model-based risk analysis methods use graphical models to assist system stakeholders to understand the risk analysis process. The graphical risk models communicate what can go wrong in a system and assist in the security risk analysis. They facilitate participation, risk communication and documentation. However, current model-based risk analysis methods provide general support for security risk analysis but pay little attention to privacy. Privacy requirements complement that of security but conflicts can arise in their implementation. Identifying and understanding such conflicts are a prerequisite for developing adequate and a balanced risk analysis method. Furthermore, due to lack of data on past events, model-based risk analysis methods either rely on subjective intuitions of risk assessors and system stakeholders, or complex mathematical validation techniques to determine a system’s risk. Subjective intuitions lead to high uncertainties in risk analysis. Moreover, complex mathematical risk modeling and validation techniques are expensive, difficult to learn and can impede risk communication among system stakeholders. This thesis develops a balanced approach to risk analysis where systems’ characteristics and tools that are relatively easy to learn are relied upon to analyze privacy and security risks in IDMSs. It provides new knowledge on how to develop a privacy and security risks model for IDMSs from the characteristics of information that flow in them. Furthermore, it develops an executable model-based risk analysis method (EM-BRAM) to improve risk communication, automation, participation as well as documentation in IDMSs. The EM-BRAM relies on system behaviors or characteristics rather than data on past events or intuitions of a risk assessor to analyze privacy and security risks in IDMSs. Consequently, the method can reduce subjectivity and uncertainty in risk analysis of IDMSs. EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs for the privacy and security risks analysis. The risk factors are categorized into external and internal misuse cases. The external misuse cases consist of risk factors that may be outside the control of IDMSs while the opposite is true for internal misuse cases. The internal misuse cases are used for the privacy and security risks analysis. In order to determine a system’s risk, the EM-BRAM uses Colored Petri Nets tools and queries to model and analyze the characteristics of information flow in the target IDMS. The method has been applied to analyze the security and privacy risks of popular IDMSs such as OpenID and SAML single sign-on services for Google Apps. The results show that the EM-BRAM is effective in analyzing privacy and security of IDMSs if it is applied to low level system specifications.

• Fritsch, Lothar (2012). Privacy visualization requirements in the Internet of Things - A uTRUSTit FP7 ICT project note, 7.9.2012. Norsk Regnesentral. Show summary

  The Internet of Things (IoT) is a complex mesh‐up of devices, infrastructures and services. When connecting to a particular peer, users expose themselves to these infrastructures. This report reviews techniques and knowledge concerning the communication of status information about privacy and information security and trustworthiness to users of the IoT. Particular challenges are the complexity and instability of the infrastructures, the miniature user interfaces of smart things, and the arbitrariness and traceability of connections and device federations.

• Fritsch, Lothar (2012). Documentation of the 3rd PETweb II PhD student workshop - Joint PhD student workshop of the VERDIKT PETweb II and ASSET projects in Gjøvik, 13.9.2012. Norsk Regnesentral.
• Fritsch, Lothar (2012). Documentation of the 2nd PETweb II PhD student workshop - 2-day PhD student workshop of the VERDIKT PETweb II projects in Rømskog, 19.3.2012. Norsk Regnesentral.
• Fritsch, Lothar (2011). Utprøving av Buypass e-ID og Altinn.no - Resultat av smartkort-studie i e-Me prosjekt. Norsk Regnesentral.
• Fritsch, Lothar (2011). Social Media, e-ID and Privacy - Background for the e-Me project. Norsk Regnesentral.
• Fritsch, Lothar (2011). Social Media, e-ID and Privacy - Background for the e-Me project. Norsk Regnesentral.
• Fritsch, Lothar (2011). Utprøving av Buypass e-ID og Altinn.no - Resultat av smartkort-studie i e-Me prosjekt. Norsk Regnesentral.
• Schulz, Trenton; Fritsch, Lothar; Solheim, Ivar; Tjøstheim, Ingvar; Petró, Dániel & Arfwedson, Henrik [Show all 7 contributors for this article] (2011). uTRUSTit Deliverable D2.2 Definition of User Scenarios. Norwegian Computing Center. Show summary

  We present scenarios in the three domains of smart home, smart office, and e-voting. The smart home consists of five scenarios; the smart office includes nine scenarios; e-voting has five scenarios. These scenarios cover a variety of situations that people may encounter in their everyday life and help to illustrate the trust issues that can show up when working with the Internet of Things (IoT). The scenarios form a foundation for many of the tasks and activities in the other work packages since the scenarios capture the functionality that we will work on. We also include a list of potential devices that may be used to realize these scenarios.

• Fritsch, Lothar & Fuglerud, Kristin Skeide (2010). Time and Usability as Upper Boundary in Friend and Family Security and Privacy. Norsk Regnesentral.
• Fritsch, Lothar & Paintsil, Ebenezer (2010). 1st PhD retreat documentation - Minutes of the PETweb II PhD workshop, April 15-16, 2010. Norsk Regnesentral.
• Fritsch, Lothar (2009). PhD recruiting - PETweb II recruitment activities and results. Norsk Regnesentral.
• Fritsch, Lothar & Groven, Arne-Kristian (2009). VoIP stakeholder profiling: Public stakeholders and infrastructure owners. Norsk Regnesentral.
• Fuglerud, Kristin Skeide; Reinertsen, Arthur; Fritsch, Lothar & Dale, Øystein (2009). Universell utforming av IKT-baserte løsninger for registrering og autentisering: Resultater fra forprosjekt. Norsk Regnesentral.
• Holmqvist, Knut; Solheim, Ivar; Fritsch, Lothar; Dale, Øystein & Halbach, Till (2009). Search vs Navigation in Mariage Image Retrieval. Norsk Regnesentral.
• Naumann, Ingo; Hogben, Giles; Fritsch, Lothar; Benito, Raúl; Dean, Roger & Gould, Jonathon [Show all 15 contributors for this article] (2008). ENISA position paper: Security Issues in the Context of Authentication Using Mobile Devices (Mobile eID).
• Naumann, Ingo; Hogben, Giles; Fritsch, Lothar; Benito, Raúl; Dean, Roger & Gould, Jonathon [Show all 15 contributors for this article] (2008). Security Issues in the Context of Authentication Using Mobile Devices (Mobile eID) (ENISA position paper).
• Fretland, Truls; Fritsch, Lothar & Groven, Arne-Kristian (2008). State of the Art of Digital Rights Management - A MARIAGE project report. Norsk Regnesentral. ISSN 978-82-539-0528-0.
• Benito, Raúl; Dean, Roger; Fritsch, Lothar; Hoepman, Jaap-Henk; Lazar, Steve & Leitold, Herbert [Show all 14 contributors for this article] (2008). Security Issues in the Context of Authentication Using Mobile Devices (Mobile eID). European Network and Information Security Agency.
• Fritsch, Lothar (2007). State of the Art of Privacy-enhancing Technology (PET) - Deliverable D2.1 of the PETweb project. ISSN 978-82-53-90523-5.

View all works in Cristin