anonymity privacy
play

Anonymity & Privacy Alice Privacy EU directives (e.g. - PowerPoint PPT Presentation

Mar 12, 2024 •344 likes •798 views

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

  1. Anonymity & Privacy

  2. Alice Privacy  EU directives (e.g. 95/46/EC) to protect privacy.  College Bescherming Persoonsgegevens (CBP)  What is privacy?  Users “ must be able to determine for themselves when, how, to what extent and for what purpose information about them is communicated to others ” (Definition PRIME, European project on privacy & ID management.) 2

  3. EU Data Protection Directive Personal data usage requirements:  Notice of data being collected  Purpose for data use  Consent for disclosure  Informed who is collecting their data  Kept secure  Right to access & correct data  Accountability of data collectors 3

  4. Security Attributes Privacy Recall Privacy Online Peter Steiner 1993 Nik Scott 2008 A lot of information revealed just by browsing see e.g. http://whatismyipaddress.com/

  5. Protecting Privacy  Hard privacy: data minimization  Subject provides as little data as possible  Reduce as much as possible the need to trust other entities  Example: anonymity  Issues; some information (needs to be) released.  Soft privacy: trusted controller  Data subject provides her data  Data controller responsible for its protection  Example: hospital database medical information  Issues; external parties, errors, malicious insider 5

  6. Anonymity & Privacy on the Net

  7. Example: Google  ``organize the world's information and make it universally accessible...’’  Clear risk for privacy; includes personal information  Multiple services; becoming `omnipresent’  Most searches (>90% in NL 2006) but also:  Searching books, (satellite) maps, images, usenet, news, scholarly papers, video’s, toolbar, account, email, calendar, photo program, instant messenger  Google & Doubleclick adds; used by many websites  All linked to IP address user (+os+browser+etc.). 7

  8. Info collected by Google service  Data mining to support services, custom ads  (old) Privacy policy  Allows sharing with third party with user consent  Provide data when `reasonably believes’ its legally required  Allows new policy in case of e.g. merger only notification needed (no consent) 8

  9. Google’s new privacy policy  Combine information different services  >60: search, YouTube, Gmail, Blogger, ...  Could already do for some, now extended We are confident that our new simple, clear and transparent privacy policy respects all European data protection laws and principle (Quote Google on BBC) Europe to investigate new Google privacy policy (reuters) Google privacy changes are in breach of EU law the EU's justice commissioner has said (BBC) 9

  10. Anonymous remailers Hide sender Clean header Forward to Destination (Temporary) Pseudonym Receiving a Reply 10

  11. Anonymous proxies  Hide (IP) requester from destination  Traffic analysis  Typically no protection against e.g. your ISP  Could encrypt connection proxy - client  No protection against the proxy itself  Performance Proxy: port y Service: port z Port x <=> Port y 11

  12. Tor  Union router for anonymity on the network  Hide requestor from destination & third parties  Traffic analysis  Timing attacks  Weaknesses in protocol  Malicious nodes  Performance  Also anonymous services Figures from Tor website 12

  13. Pseudonyms  On website do you enter correct info (name, address, etc.) when data not needed for service?  Some services support pseudonyms.  No direct link to user  Profiles possible if pseudonyms persistent  Privacy issue ?  Are pseudonym & group profiles personal data? 13

  14. Direct Anonymous Attestation Anonymity Revocation Authority 1. Register Prover (TPM) DAA Issuer 2. Certificate id i 3. Proof have certificate without revealing Cannot link 2,3 4. Provide service even if working together. DAA verifier  Revocation  of anonymous credentials  of anonymity 14

  15. The magical cave  Cave with a fork  Two passage ways  Ends of passages not visible from fork 15

  16. The magical Cave (2)  Cave with fork, two passage ways  Ends of passages not visible from fork  Ends of passages connected by secret passage way.  Only findable if you know the secret. 16

  17. The magical Cave (3)  I know the secret !  But I won’t tell you...  Can I still convince you I know the secret? 17

  18. Zero-Knowledge proof  Peggy and Victor meet at cave  Peggy hides in a passage  Victor goes to the fork Right!  calls out either left or right  Peggy comes out this passage  Uses secret passage if needed  Is Victor convinced ?  If repeated many times? From: Quisquater et al;How to explain Zero-Knowlege Protocols to Your Children 18

  19. Zero Knowledge proof  Peggy convinces Victor she know secret  Proof is zero knowledge Consider Victor tapes game Shows tape to you; will you be convinced?  Proof can be simulated by cheating verifier  Without a proofer who has secret 19

  20. Example protocol The Cave:  Secret S, p, q (large primes)  public n = p*q, I = S 2 mod n  P proof knowledge of S to V  P makes random R sends X = R 2 mod n Peggy hides  V makes & sends random bit E Left/Right  P sends Y = R * S E (mod n) Peggy comes out  V checks Y 2 = X * I E (mod n) Victor Sees Peggy 20

  21. Example protocol analysis  Completeness  With secret S can always correctly provide Y  Zero-knowledge; simulation by cheating verifier  Simulate run (X, E, Y): X = R 2 mod n  choose random Y , E Y = R or Y = R * S if E=1 take: X = Y 2 / I  if E=0 take: X = Y 2  Indistinguishable from real runs. No SQRT( X * S 2 ) and SQRT ( X ) at same time  Soundness  Without S: Has to choose X before knowing E:  Choose X so know R = SQRT( X ): No answer if E=1  Choose X so know Y = SQRT( X * S 2 ): No answer if E=0  Thus fails with probability 1/2 21

  22. Use of Zero knowledge proves  Example protocol show  Know secret for given public info  For applications e.g. DAA  Know values with special relation  ID along with a CA signature on this ID  E.g. know integers α , β , γ with properties: ZKP{( α , β , γ ): y = g α h β ^ y’ = g’ α h’ γ ^ (u ≤ α ≤ v)}  α , β , γ secrets, y,g,h,etc. known parameters  g,h generators group G, g’,h’ for G’ 22

  23. Direct Anonymous Attestation 1. Register; authenticate Prover (TPM) masked value f Prover (TPM) DAA Issuer {f} sg(DAA) ,f, id i f, id i 2. Certificate; signature on masked f 3. Proof have signature on f without revealing f, signature 4. Provide service DAA verifier 23

  24. Direct Anonymous Attestation  Peggy chooses secret f  Gets anonymous signature on f  Does not reveal f to issuer  Recall blind signatures e.g. with RSA E(mr e ) = (mr e ) d mod n = m d r mod n = E(m)r  Zero knowledge proof  knows an f together with a signature on f 24

  25. Direct Anonymous Attestation  Rogue member detection / revocation  Secret of Peggy = f, g generator of group  Peggy sends g f  Victor  Has list revoked f’  compares g f with g f’ for each on list  g not random: not seen to often 25

  26. `Soft’ Privacy Sometimes PII must be used. Privacy ~ use for correct purpose only

  27. Privacy Policy Statements  When entering a form on web pages  privacy policy: what may be done with data  Issues  To long and complex  No guarantees if policy is actually followed  No user preferences  Accept existing policy / do not use service 27

  28. P3P  Standardized XML based format for privacy policies  enables automated tool support  e.g. to decide accept cookie  Issues  Policies can be ambiguous  No definition how policy should be interpreted  Also no enforcement 28

  29. Enterprise Privacy: E-P3P / EPAL  Mechanisms for enforcement  within an enterprise  law often requires some for of enforcement  No External Check  For company; ensure employees follow policies  User still needs to trust company  Sticky Policies (policies stay with data)  Local to company  No guarantees outside administrative domain  Issue: No industry adoption 29

  30. Anonymizing data E.g. use db of health records for research

  31. Anonymized databases Medical Attacker Records Knowledge (“Public” attributes) 31

  32. Re-identify data by linking attributes k -anonymity: a model for protecting privacy, L. Sweeney in 32 International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 2002

  33. K-Anonymity (K=3) Alice Eve Alice Attacker Knowledge on Alice Mallory 33

  34. Restrict Quasi-ids to achieve l-Diversity: Privacy Beyond k-Anonymity by A. Machanavajjhala et al. in 34 ACM Transactions on Knowledge Discovery from Data 2007

  35. Attribute Disclosure Heart Disease Alice Heart Eve Disease Alice Attacker Knowledge on Heart Alice Disease Mallory 35

  36. Probabilistic disclosure Very rare Disease Alice Heart Eve Disease Alice Attacker Knowledge on Very rare Alice Disease Mallory 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire (Image from geekologie.com) Relevant to corporations &amp; government agencies Recently increased awareness However, general public

171 views • 16 slides
K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

27.06.2017 Schutz der Privatsphre (WS15/16) Introduction to Privacy (Part 1) You have zero privacy. Get over it. Scott McNealy, 1999 Privacy, k anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universitt zu

457 views • 11 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories

Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories

Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories NTT Corporation References Simulation-based proof method of privacy/anonymity Y. Kawabe, K. Mano, H. Sakurada and Y. Tsukada

303 views • 28 slides
CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian Stefan UCSD Fall 2019 Lecture outline Foundations of privacy Historical and current crypto wars in the US Privacy-enhancing

611 views • 50 slides
protecting privacy ( By L.Sweeney ) Presented by : Navreet Kaur ROADMAP Data sharing and data

protecting privacy ( By L.Sweeney ) Presented by : Navreet Kaur ROADMAP Data sharing and data

k-ANONYMITY: A model for protecting privacy ( By L.Sweeney ) Presented by : Navreet Kaur ROADMAP Data sharing and data privacy Related background work k-anonymity model Possible attacks against k-Anonymity Weaknesses of

575 views • 28 slides
Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly Feldman Ulfar Erlingsson Ilya Mironov Ananth Raghunathan Kunal Talwar Abhradeep Thakurta Local Differential Privacy (LDP) 1 1 For all ,

151 views • 11 slides
The Right to be forgotten (RTBF), Privacy, Anonymity and Access to Information Panellists:

The Right to be forgotten (RTBF), Privacy, Anonymity and Access to Information Panellists:

APrIGF 2016 theme: Merging Physical Space with Cyberspace Merged workshop #8 The Right to be forgotten (RTBF), Privacy, Anonymity and Access to Information Panellists: Kyungsin Park (OpenNet Korea) Monika Zalnieriute (University of

255 views • 3 slides
On k -anonymity and the curse of dimensionality Introduction An important method for privacy

On k -anonymity and the curse of dimensionality Introduction An important method for privacy

Charu C. Aggarwal T J Watson Research Center IBM Corporation Hawthorne, NY USA On k -anonymity and the curse of dimensionality Introduction An important method for privacy preserving data mining is that of anonymization . In

985 views • 34 slides
Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

1.23k views • 90 slides
Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial

Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial

Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: Vitaly Shmatikov, Univ Texas at Austin Query Audit Problem Maintaining privacy of data Auditor Q 1 Q 2 Q n Database

305 views • 27 slides
Tor: a quick overview (How Twitter can help) Jacob Appelbaum The Tor Project

Tor: a quick overview (How Twitter can help) Jacob Appelbaum The Tor Project

Tor: a quick overview (How Twitter can help) Jacob Appelbaum The Tor Project https://www.torproject.org/ 1 About me: Free software hacker (libmsr, blockfinder, etc) General human and other animal rights activist Founder of

679 views • 40 slides
Security and the .NET Framework Code Access Security Enforces security policy on code

Security and the .NET Framework Code Access Security Enforces security policy on code

Security and the .NET Framework Code Access Security Enforces security policy on code Regardless of user running the code Regardless of whether the code is in the same application with other code Other code can be more, less, or

695 views • 21 slides
GSM Security Problems Harald Welte osmocom.org hmw-consulting.de sysmocom.de July 2013, TSC

GSM Security Problems Harald Welte osmocom.org hmw-consulting.de sysmocom.de July 2013, TSC

Introduction GSM security problems The False BTS Security beyond the Um interface GSM Security Problems Harald Welte osmocom.org hmw-consulting.de sysmocom.de July 2013, TSC TIB, Taipei/TAIWAN 1 / 77 Harald Welte GSM Security Problems

1.19k views • 77 slides
Security APIs ARSPA-WITS10 () Formal Analysis of Key Integrity in PKCS#11s 2 / 17 Security

Security APIs ARSPA-WITS10 () Formal Analysis of Key Integrity in PKCS#11s 2 / 17 Security

Formal Analysis of Key Integrity in PKCS#11 Andrea Falcone 1 Riccardo Focardi 1 1 Universit` a Ca Foscari di Venezia, Italy focardi@dsi.unive.it ARSPA-WITS10 Paphos, Cyprus March 27-28, 2010 Work partially supported by: Miur07

729 views • 17 slides
DNS and BGP CS642: Computer Security Professor Ristenpart

DNS and BGP CS642: Computer Security Professor Ristenpart

DNS and BGP CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

542 views • 36 slides
Privacy of Ideas in P2P Information Retrieval Queries Wolfgang Mller, Andreas Henrich

Privacy of Ideas in P2P Information Retrieval Queries Wolfgang Mller, Andreas Henrich

Privacy of Ideas in P2P Information Retrieval Queries Wolfgang Mller, Andreas Henrich Angewandte Informatik I Universitt Bayreuth wmueller@btn1x1.inf.uni-bayreuth.de Scenario: Personal Information Agent queries P2P net Peer-to-Peer

248 views • 7 slides
Behavior-Based Problem Localization for Parallel File Systems Michael P . Kasick Rajeev Gandhi,

Behavior-Based Problem Localization for Parallel File Systems Michael P . Kasick Rajeev Gandhi,

Behavior-Based Problem Localization for Parallel File Systems Michael P . Kasick Rajeev Gandhi, Priya Narasimhan Carnegie Mellon University Michael P . Kasick Behavior-Based Problem Localization October 3, 2010 1 Problem Diagnosis Goals

400 views • 38 slides
Proving IEEE 802.11i Secure Mukund Sundararajan Joint work with Changhua He, Arnab Roy, Anupam

Proving IEEE 802.11i Secure Mukund Sundararajan Joint work with Changhua He, Arnab Roy, Anupam

CS259: Security Analysis of Network Protocols, Winter 2008 Proving IEEE 802.11i Secure Mukund Sundararajan Joint work with Changhua He, Arnab Roy, Anupam Datta, Ante Derek, John Mitchell 802.11i Key Management Auth Laptop Access Server

213 views • 20 slides

More recommend