introduction to cybersecurity database privacy
play

Introduction to Cybersecurity Database Privacy Review: Anonymity - PDF document

Aug 08, 2023 •299 likes •573 views

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

  1. CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy  Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others  Anonymity - The state of being not identifiable within a set of subjects/individuals - It is a property exclusively of individuals  Privacy != Anonymity - Anonymity is a way to maintain privacy, and sometimes it is not necessary Foundations of Cybersecurity 2016 1 Review: Anonymous Communication (AC) Protocols  Various AC protocols with different goals: Communication - Low Latency Overhead Complexity - Low Communication Overhead - High Traffic-Analysis Resistance Latency  Typically categorized by latency overhead: Traffic-Analysis Resistance - low-latency AC protcols e.g. Tor, DC Nets, Crowds - high-latency AC protocols e.g. Mix networks Introduction to Cybersecurity 2016 2 1 Foundations of Cybersecurity 2016

  2. CISPA Center for IT Security, Privacy and Accountabiltiy A Glimpse on Research: Privacy Assessment with MATor Randomly choose an entry , a middle and an related exit node. entry middle exit corrupts Goal: Derive worst-case quantitative anonymity guarantees Impact of Single Node Corruption Overall Guarantee related i 𝐶 Budget Adversary 𝐵 𝑔 with cost function 𝑔: 𝑂 → ℝ and budget 𝐶 Anonymity degeneration (for Integer maximization problem encryption as terms) Maximize A 𝑕 ≔ ∑ 𝑏∈A 𝑏𝑒𝑤 𝑜𝑝𝑒𝑓 𝑏 subject to A ⊆ 𝑂, 𝑔 A ≤ 𝐶 𝜀 𝑓𝑜𝑢𝑠𝑧 𝑗 = ∑ (𝑛,𝑦)∈𝑂 2 Pr[ 𝑗,𝑛, 𝑦 ← 𝑈𝑝𝑠] Computational 𝜀 𝑛𝑗𝑒𝑒𝑚𝑓 𝑗 = ∑ (𝑓,𝑦)∈𝑂 2 Δ st Pr[ 𝑓, 𝑗, 𝑦 ← 𝑈𝑝𝑠] 𝑏𝑒𝑤 𝑜𝑝𝑒𝑓 (𝑗) Soundness 𝜀 𝑓𝑦𝑗𝑢 𝑗 = Δ 𝑡𝑢 ∑ 𝑓∈𝑂 Pr[ 𝑓, 𝑛, 𝑗 ← 𝑈𝑝𝑠] 1 𝑕 𝑏𝑚𝑕𝑓𝑐𝑠𝑏𝑗𝑑 (𝑜) − 𝑕 𝑑𝑠𝑧𝑞𝑢𝑝 (𝑜) ≤ 𝑞𝑝𝑚𝑧 𝑜 Introduction to Cybersecurity 2016 3 A Glimpse on Research: Privacy Assessment with MATor Randomly choose an entry , a middle and an related exit node. entry middle exit corrupts Goal: Derive worst-case quantitative anonymity guarantees 1 Live Monitor Anonymity 0.8 Tor 1 LASTor 0.6 Alternative Uniform Path Selection 0.4 Algorithms 0,5 US-Exit 0.2 0 1 8 64 512 4,096 32,768 0 2012 2013 2014 Bandwidthin MB/s time Challenges: Comprehensive network-layer attackers, extension beyond structural corruption, content-sensitive assessment Potential killer arguments: Attackers overly powerful, hence too pessimistic guarantees; assessment only for Tor, not tailored attack Introduction to Cybersecurity 2016 4 Lecture Summary – Part I Basic Database Privacy • Motivation • Data Sanitization • k-anonymity and l-diversity Principle Approaches to Data Protection • Sanitization before Publication • Protection after Publication • Publication without Control Introduction to Cybersecurity 2016 5 2 Foundations of Cybersecurity 2016

  3. CISPA Center for IT Security, Privacy and Accountabiltiy Data Privacy: Attribute Disclosure female female 25-30 25-30 Saarland Saarland Addison Addison Disorder Disorder female female 25-30 25-30 Saarland Saarland Addison Addison Disorder Disorder male male 30-35 30-35 Saarland Saarland Healthy Healthy Alice suffers from the Addison disorder! female 29y Saarbrücken social network Introduction to Cybersecurity 2016 6 Cryptographic Solutions  Why not just delete the data? In contrast to cryptography, privacy often requires a certain utility. Deleting data destroys utility.  Why can ’ t we encrypt? Storing or transmitting data encrypted is a good idea. Someone has (needs to have) the key. Introduction to Cybersecurity 2016 7 Sanitization  Legally, data has to be “sanitized”: - Removal of “identifying” information Unsanitized data Sanitized data • • Name Name • • Gender Gender • • Age Age • • Address Address • • Phone Number Phone Number • • Field of studies Field of studies • • Grades Grades Introduction to Cybersecurity 2016 8 3 Foundations of Cybersecurity 2016

  4. CISPA Center for IT Security, Privacy and Accountabiltiy Benefits of Sanitization Sanitized data can (still) be used for:  Research Statistics Science! Sanitized data  Healthcare • Name • Gender • Age • Address • Phone Number  Governmental statistics • Field of studies • Grades  Improving business models Introduction to Cybersecurity 2016 9 Does Sanitization suffice? Sanitization = Privacy?  No identity  No identifying information (“quasi identifiers”) such as address or phone number 1 female student Sanitized data of this age • Name attends a course • Gender • Age • Address • Phone Number Privacy • Field of studies Breach • Grades Introduction to Cybersecurity 2016 10 Attacks on Databases Early defense mechanisms: query sanitization. Name Age Gender Semester Grade Sanitization: Queries must not Alice 19 Female 1 1.3 depend on identifiers! Bob 18 Male 1 2.0 Charlie 18 Male 1 1.7 SELECT SUM(Grade) WHERE Name = ‘Isa’ Dave 18 Male 1 3.7 Eve 17 Female 1 1.0 3.7 Fritz 19 Male 3 1.3 Gerd 21 Male 3 2.3 Hans 23 Male 3 3.0 Isa 20 Female 3 3.7 John 20 Male 3 1.7 Kale 21 Male 5 1.7 Leonard 23 Male 5 failed Martin 20 Male 5 2.7 Nils 22 Male 5 3.0 Otto 20 Male 5 1.0 Introduction to Cybersecurity 2016 11 4 Foundations of Cybersecurity 2016

  5. CISPA Center for IT Security, Privacy and Accountabiltiy Attacks on Databases Early defense mechanisms: query sanitization. Sanitization: Queries must not Name Age Gender Semester Grade Alice 19 Female 1 1.3 depend on identifiers! Bob 18 Male 1 2.0 Charlie 18 Male 1 1.7 Sanitization: Queries must not Dave 18 Male 1 3.7 be answered if the answer is Eve 17 Female 1 1.0 below a threshold Fritz 19 Male 3 1.3 Gerd 21 Male 3 2.3 SELECT SUM(Grade) WHERE Semester = 3 Hans 23 Male 3 3.0 AND Gender = Female Isa 20 Female 3 3.7 3.7 John 20 Male 3 1.7 Kale 21 Male 5 1.7 Leonard 23 Male 5 failed Martin 20 Male 5 2.7 Nils 22 Male 5 3.0 Otto 20 Male 5 1.0 Introduction to Cybersecurity 2016 12 Attacks on Databases Early defense mechanisms: query sanitization. Sanitization: Queries must not Name Age Gender Semester Grade Alice 19 Female 1 1.3 depend on identifiers! Bob 18 Male 1 2.0 Charlie 18 Male 1 1.7 Sanitization: Queries must not Dave 18 Male 1 3.7 be answered if the answer is Eve 17 Female 1 1.0 below a threshold Fritz 19 Male 3 1.3 Gerd 21 Male 3 2.3 SELECT SUM(Grade) Hans 23 Male 3 3.0 Isa 20 Female 3 3.7 30.1 John 20 Male 3 1.7 Kale 21 Male 5 1.7 SELECT SUM(Grade) WHERE NOT (Semester = 3 AND Gender = Female) Leonard 23 Male 5 failed Martin 20 Male 5 2.7 26.4 Nils 22 Male 5 3.0 Otto 20 Male 5 1.0 Local Computation: Isa’s Grade = 30.1 – 26.4 = 3.7 Introduction to Cybersecurity 2016 13 K-Anonymity (Intuitive Idea) K-Anonymity: Privacy means that one can hide within a set of (at least) K other people with the same quasi-identifiers. Quasi identifiers: Attributes that could identify a person (name, age, etc.) K = 6 Introduction to Cybersecurity 2016 15 5 Foundations of Cybersecurity 2016

  6. CISPA Center for IT Security, Privacy and Accountabiltiy K-Anonymity (Definition) Definition: Data satisfies K-Anonymity, if each person contained in the data cannot be distinguished from at least K-1 other individuals also within the data. Introduction to Cybersecurity 2016 16 Achieving K-Anonymity Reduce the information such that the data collapses: Suppression: Name Age Gender Semester Grade Name Age Gender Semester Grade Alice 19 Female 1 1.3 * 19 * 1 1.3 Bob 18 Male 1 2.0 * 18 * 1 2.0 Charlie 18 Male 1 1.7 * 18 * 1 1.7 Dave 18 Male 1 3.7 * 18 * 1 3.7 Eve 17 Female 1 1.0 * 17 * 1 1.0 Fritz 19 Male 3 1.3 Gerd 21 Male 3 2.3 Hans 23 Male 3 3.0 Generalization: Isa 20 Female 3 failed John 20 Male 3 1.7 Name Age Gender Semester Grade Kale 21 Male 5 1.7 21-25 5 1.7 Leonard 23 Male 5 failed 21-25 5 failed Martin 20 Male 5 2.7 18-20 5 2.7 Nils 22 Male 5 3.0 21-25 5 3.0 Otto 20 Male 5 1.0 20 5 1.0 Introduction to Cybersecurity 2016 17 K-Anonymity (3) Example: K-Anonymity for a list of students with K=5. Name Semester Grade * 1 1.3 For each semester, there are at least 5 * 1 2.0 individuals present that cannot be * 1 1.7 distinguished. * 1 3.7 * 1 1.0 * 3 1.3 Idea/Goal: * 3 2.3 * 3 3.0 Consequently, one cannot be identified, * 3 failed but hides in a group of K=5 people. * 3 1.7 * 5 1.7 * 5 failed * 5 2.7 * 5 3.0 * 5 1.0 Introduction to Cybersecurity 2016 18 6 Foundations of Cybersecurity 2016

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Privacy Presentation Task Force on Autonomous Vehicles Subcommittee on Cybersecurity, Privacy,

Privacy Presentation Task Force on Autonomous Vehicles Subcommittee on Cybersecurity, Privacy,

Privacy Presentation Task Force on Autonomous Vehicles Subcommittee on Cybersecurity, Privacy, and Data April 18, 2019 The Pessimistic View (or, Privacy is Dead) Internet Privacy A More Realistic View Privacy Monetization Convenience

355 views • 9 slides
GLOBAL PRIVACY & CYBERSECURITY UPDATE View PDF | Forward | Subscribe | Subscribe to RSS |

GLOBAL PRIVACY & CYBERSECURITY UPDATE View PDF | Forward | Subscribe | Subscribe to RSS |

Global Privacy & Cybersecurity Update Issue 21 | February 2019 Jones Day GLOBAL PRIVACY & CYBERSECURITY UPDATE View PDF | Forward | Subscribe | Subscribe to RSS | Related Publications United States | Latin America | Europe | Asia |

257 views • 15 slides
Data Privacy and Cybersecurity for Tax Professionals (advanced session) Agenda 1. Introduction

Data Privacy and Cybersecurity for Tax Professionals (advanced session) Agenda 1. Introduction

Data Privacy and Cybersecurity for Tax Professionals (advanced session) Agenda 1. Introduction 2. Security Challenges Related to COVID-19 Pandemic 3. Tips for Remote Working during COVID-19 Pandemic 4. Customer Data Makes You a Prime Cyber

835 views • 45 slides
NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory

NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory

National Highway Traffic Safety Administration NHTSA and Automotive Cybersecurity Briefing to the Information Security and Privacy Advisory Board October 2015 The Need for Cybersecurity Research 32,719 people died due to motor vehicle

556 views • 17 slides
Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology Transactions Practice Groups November 14, 2017 Linda Rhodes Joe Pennell Brad Peterson Partner Partner Partner 202-263-3382 312-701-8354

313 views • 29 slides
ITS BILLIONS WITH A Rental & Car Sharing Privacy & Cybersecurity

ITS BILLIONS WITH A Rental & Car Sharing Privacy & Cybersecurity

ITS BILLIONS WITH A Rental & Car Sharing Privacy & Cybersecurity Considerations B Dr. Paul Kersey is a surgeon who often sees the consequences of the city's violence in the emergency room. When home intruders

438 views • 19 slides
Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a

Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a

Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Authorization, Security, and Privacy

537 views • 40 slides
Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data?

Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data?

Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data? What is Cybersecurity? The protection of Internet-connected systems and data from accidental damage, intentional attacks, or unauthorized access.

463 views • 19 slides
Privacy, Cybersecurity and the Use of Digital Health Information In Healthcare John P. Houston,

Privacy, Cybersecurity and the Use of Digital Health Information In Healthcare John P. Houston,

Privacy, Cybersecurity and the Use of Digital Health Information In Healthcare John P. Houston, Esq. Vice President, Privacy and Information Security & Associate Counsel 1 Types of Digital Health Information UPMC has been progressive in

701 views • 24 slides
Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Presenting a live 90-minute webinar with interactive Q&A Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing D&O Risk With Internal Controls, Insurance, and Indemnification; Defending Derivative

1.28k views • 79 slides
INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

Section 1 Dr. Bruce Burton California Cybersecurity INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and implications Learn from past attacks Understand the NIST Cybersecurity Framework (CSF) &

368 views • 33 slides
Introduction to Cybersecurity Prof. Dr. Michael Backes Director, CISPA Center for IT Security,

Introduction to Cybersecurity Prof. Dr. Michael Backes Director, CISPA Center for IT Security,

Introduction to Cybersecurity Prof. Dr. Michael Backes Director, CISPA Center for IT Security, Privacy, and Accountability Chair for IT-security & Cryptography Organisation Course Registration / Course Number (97380) - Register both

929 views • 71 slides
the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY

the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY

Patient Safety Will Be Enhanced by Solving the Healthcare Cybersecurity Crisis JACKI MONSON VP, CHIEF PRIVACY & INFORMATION SECURITY OFFICER, SUTTER HEALTH What Happened? Healthcare is Sick Keeping Patients Safe Healthcares #1

1.21k views • 18 slides
Outline Introduction Background Distributed DBMS Architecture Distributed Database Design

Outline Introduction Background Distributed DBMS Architecture Distributed Database Design

Outline Introduction Background Distributed DBMS Architecture Distributed Database Design Distributed Query Processing Distributed Transaction Management Building Distributed Database Systems (RAID) Mobile Database Systems Privacy, Trust,

620 views • 20 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
24 October 2017 The Manager Company Announcements Offie Australian Securities Exchange 4 th Floor

24 October 2017 The Manager Company Announcements Offie Australian Securities Exchange 4 th Floor

24 October 2017 The Manager Company Announcements Offie Australian Securities Exchange 4 th Floor 20 Bridge Street SYDNEY NSW 2000 ELECTRONIC LODGEMENT Dear Sir / Madam, 2017 AGM Chairman and CEO Speeches and Presentation Vocus Group Limited

606 views • 28 slides
Health Links Leadership Community of Practice Jan 25, 2017 Innovative Practices: Mental Health

Health Links Leadership Community of Practice Jan 25, 2017 Innovative Practices: Mental Health

Health Links Leadership Community of Practice Jan 25, 2017 Innovative Practices: Mental Health & Addictions Sneak Peek Health Quality Ontario The provincial advisor on the quality of health care in Ontario www.HQOntario.ca Todays

868 views • 33 slides
Disclosure I receive royalty payments from Myriad Genetics for the PALB2 invention.

Disclosure I receive royalty payments from Myriad Genetics for the PALB2 invention.

An Algorithmic approach to cystic neoplasms of the pancreas February 2017 Ralph H. Hruban, M.D. Professor and Director of Pathology The Sol Goldman Pancreatic Cancer Research Center The Johns Hopkins Medical Institutions Disclosure I

586 views • 37 slides
Motor Neurone Disease (MND): An overview Suresh Chhetri MD, FRCP, FHEA Consultant Neurologist

Motor Neurone Disease (MND): An overview Suresh Chhetri MD, FRCP, FHEA Consultant Neurologist

Motor Neurone Disease (MND): An overview Suresh Chhetri MD, FRCP, FHEA Consultant Neurologist and Co-Director Lancashire and South Cumbria MND care and Research centre Royal Preston Hospital Declaration of interests Funding from GBT

693 views • 48 slides
TRACULA Data analysis steps Pre-process images to reduce distortions Either register

TRACULA Data analysis steps Pre-process images to reduce distortions Either register

TRACULA Data analysis steps Pre-process images to reduce distortions Either register distorted DW images to an undistorted (non-DW) image Or use information on distortions from separate scans (field map, residual gradients)

1.01k views • 43 slides
Developing a National Competency Framework for Kenya Claire Anderson, University of The

Developing a National Competency Framework for Kenya Claire Anderson, University of The

Developing a National Competency Framework for Kenya Claire Anderson, University of The curriculum in Kenya was not yet matched with the following competencies: Nottingham & Nilhan Uzman, International Pharmaceutical Federation Public

487 views • 14 slides
Physiotherapy : Muscle Strengthening in Degenerative Joints and Spine Conditions Ganesh Sundaram.

Physiotherapy : Muscle Strengthening in Degenerative Joints and Spine Conditions Ganesh Sundaram.

Physiotherapy : Muscle Strengthening in Degenerative Joints and Spine Conditions Ganesh Sundaram. S Master of Physiotherapy in Advanced Orthopaedics and Traumatology Master of Business Administration (Hospital Management): Operations and

273 views • 25 slides
Thank you for joining us. The program will commence momentarily. Meet The Professors Nurse and

Thank you for joining us. The program will commence momentarily. Meet The Professors Nurse and

Thank you for joining us. The program will commence momentarily. Meet The Professors Nurse and Physician Investigators Discuss Existing and Emerging Treatment Strategies for Patients with Bladder Cancer Thursday, July 30, 2020 5:00 PM

494 views • 48 slides

More recommend