privacy and computer science eci 2015 day 1 introduction
play

Privacy and Computer Science (ECI 2015) Day 1 - Introduction why - PowerPoint PPT Presentation

Dec 24, 2023 •336 likes •1.51k views

Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough F. Prost Frederic.Prost@ens-lyon.fr Ecole Normale Sup erieure de Lyon July 2015 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup Privacy

  1. Cryptography is not Enough Cryptography is not Enough: you can run but you can’t hide The dreamt world of mathematicians vs. the harsh reality. Implementation details do matter. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 9 / 48

  2. Cryptography is not Enough Cryptography is not Enough: you can run but you can’t hide The dreamt world of mathematicians vs. the harsh reality. Implementation details do matter. Usage protocol does matter. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 9 / 48

  3. Cryptography is not Enough Cryptography is not Enough: you can run but you can’t hide The dreamt world of mathematicians vs. the harsh reality. Implementation details do matter. Usage protocol does matter. Psychology does matter. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 9 / 48

  4. Cryptography is not Enough Cryptography is not Enough: you can run but you can’t hide The dreamt world of mathematicians vs. the harsh reality. Implementation details do matter. Usage protocol does matter. Psychology does matter. System complexity does matter. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 9 / 48

  5. Cryptography is not Enough Cryptography is not Enough: you can run but you can’t hide The dreamt world of mathematicians vs. the harsh reality. Implementation details do matter. Usage protocol does matter. Psychology does matter. System complexity does matter. Sheer luck can matter... F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 9 / 48

  6. Cryptography is not Enough Cryptography is not Enough: you can run but you can’t hide The dreamt world of mathematicians vs. the harsh reality. Implementation details do matter. Usage protocol does matter. Psychology does matter. System complexity does matter. Sheer luck can matter... = ⇒ Empirical proof: Snowden’s revalations about NSA’s practices... F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 9 / 48

  7. Cryptography is not Enough Enigma Cryptanalysis Plan Cryptography is not Enough 1 Enigma Cryptanalysis Naive Anonymization Just doesn’t Work Information Theory Cryptology: [Shannon, 1949] 2 Information theoretic studies of cryptosystems Entropy of passwords Conclusion 3 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 10 / 48

  8. Cryptography is not Enough Enigma Cryptanalysis Enigma Cryptanalysis Real life, extreme, example of the difficulty of information security during WWII. Historians estimate the effect as 1 to 2 years war shortening (literally millions of lives). First mechanization of cryptanalysis: shift from linguistic to mathematics. First use of computers ! A. Turing, father of computer science, heavily involved. Exemplary in the multiple ways used to break the “unbreakable”. = ⇒ Think outside the box ! F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 11 / 48

  9. Cryptography is not Enough Enigma Cryptanalysis Enigma Machine F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 12 / 48

  10. Cryptography is not Enough Enigma Cryptanalysis Permutations with Rotors Schematically ♠ ♠ F F ❆ ✂ ❉ ✄ ❇ � ✄ ❆ ✂ ❉ � ❇ E ♠ E ♠ ✂ ✄ ❆ ❉ ❇ ✄ ✂ ✄ ✄ ❆ ❉ ❇ D ♠ D ♠ ❇ ✂ ❆ ✄ � ❇ ✄ ✁ ❉ ❇ ✂ ❇ � ❆ ✄ ❇ ✁ ✄ ❇ ❉ ♠ ♠ C C ❇ ✁ ✄ ❆ ✁ ❅ ✁ ✄ ❇ ❉ ✁ ❇ ✄ ✁ ❆ ✁ ✄ ❇ ❅ ❉ ♠ ♠ B B ✁ ❇ ✁ ✄ ❇ ❉ ✁ ❇ ✁ ❉ ✄ ❇ ♠ ♠ A A F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 13 / 48

  11. Cryptography is not Enough Enigma Cryptanalysis Enigma Schematically ♠ F ❅ � ❆ ✂ ❉ ✄ ❇ � ✄ � ❅ ❆ ✂ ❉ � ❇ E ♠ ✂ ✄ ❆ ❉ ❇ ✄ ✂ ✄ ✄ ❆ ❉ ❇ D ♠ ❇ ✂ ❇ ✂ ❆ ✄ � ❇ ✄ ✁ ❉ ❇ ❇ ✂ ✂ ❇ � ✄ ❆ ❇ ✁ ✄ ❇ ❉ ♠ C ❇ ✂ ❇ ✁ ✄ ❆ ✁ ❅ ✁ ✄ ❇ ❉ ✂ ❇ ✁ ❇ ✄ ✁ ❆ ✁ ✄ ❇ ❅ ❉ ♠ B ✂ ❇ ✁ ❇ ✁ ✄ ❇ ❉ ✂ ❇ ✁ ❇ ✁ ❉ ✄ ❇ ♠ A F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 14 / 48

  12. Cryptography is not Enough Enigma Cryptanalysis Protocol for the Use of Enigma Book of keys: Date Rotor Initialization Plugboard 12 I II III REZ FD IZ LP MN TA SY 13 II V I KXU AN GZ ID LW MF UY 14 IV II III WGT ET IL MO NS WH BQ 15 II I V AQR UI YS AN MJ VB EH . . . . . . . . . . . . A key gives the initial configuration of the machine. Once the machine is set the operator sent three letters in order to initiate a session key (to avoid repetitions). This group of three letters was repeated twice. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 15 / 48

  13. Cryptography is not Enough Enigma Cryptanalysis Some Numbers on Enigma Each rotor is a permutation on 26: 26 3 = 17576 3 among 5 rotors: 5! / (3!2!) = 10 Plugboard, 6 wires: (26 − 2 k )! Π 5 2 × (26 − 4 k )! = 72282089880000 k =0 Number of Enigma settings: 76 × 10 18 Age of the universe in seconds: 4 , 3 × 10 17 Enigma strength is due to the combination that avoid repetitions (rotor mechanism) and huge space of keys (plugboard). Even with a copy of the machine it is untractable. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 16 / 48

  14. Cryptography is not Enough Enigma Cryptanalysis Enigma Weaknesses Internal weaknesses (algorithm weakness): Only involutive substitutions are implemented: from 26! ≃ 403 × 10 24 to 533 × 10 12 (that is a 7 , 5 × 10 11 reduction !!). F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 17 / 48

  15. Cryptography is not Enough Enigma Cryptanalysis Enigma Weaknesses Internal weaknesses (algorithm weakness): Only involutive substitutions are implemented: from 26! ≃ 403 × 10 24 to 533 × 10 12 (that is a 7 , 5 × 10 11 reduction !!). Because of the reflector a letter can never be encoded by itself. = ⇒ Sometimes to test communications lines german sent large texts only made of “T’s”. = ⇒ crib technique developped by Turing. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 17 / 48

  16. Cryptography is not Enough Enigma Cryptanalysis Enigma Weaknesses Internal weaknesses (algorithm weakness): Only involutive substitutions are implemented: from 26! ≃ 403 × 10 24 to 533 × 10 12 (that is a 7 , 5 × 10 11 reduction !!). Because of the reflector a letter can never be encoded by itself. = ⇒ Sometimes to test communications lines german sent large texts only made of “T’s”. = ⇒ crib technique developped by Turing. External weaknesses (protocol use): Germans forbid the use of the same rotor at the same place for two consecutive days. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 17 / 48

  17. Cryptography is not Enough Enigma Cryptanalysis Enigma Weaknesses Internal weaknesses (algorithm weakness): Only involutive substitutions are implemented: from 26! ≃ 403 × 10 24 to 533 × 10 12 (that is a 7 , 5 × 10 11 reduction !!). Because of the reflector a letter can never be encoded by itself. = ⇒ Sometimes to test communications lines german sent large texts only made of “T’s”. = ⇒ crib technique developped by Turing. External weaknesses (protocol use): Germans forbid the use of the same rotor at the same place for two consecutive days. Repetition of the session key at the start of the message. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 17 / 48

  18. Cryptography is not Enough Enigma Cryptanalysis Enigma Weaknesses Internal weaknesses (algorithm weakness): Only involutive substitutions are implemented: from 26! ≃ 403 × 10 24 to 533 × 10 12 (that is a 7 , 5 × 10 11 reduction !!). Because of the reflector a letter can never be encoded by itself. = ⇒ Sometimes to test communications lines german sent large texts only made of “T’s”. = ⇒ crib technique developped by Turing. External weaknesses (protocol use): Germans forbid the use of the same rotor at the same place for two consecutive days. Repetition of the session key at the start of the message. Some messages had a predictable structure: typically meteorological messages of 6:00 am of the Luftwaffe. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 17 / 48

  19. Cryptography is not Enough Enigma Cryptanalysis Enigma Weaknesses Internal weaknesses (algorithm weakness): Only involutive substitutions are implemented: from 26! ≃ 403 × 10 24 to 533 × 10 12 (that is a 7 , 5 × 10 11 reduction !!). Because of the reflector a letter can never be encoded by itself. = ⇒ Sometimes to test communications lines german sent large texts only made of “T’s”. = ⇒ crib technique developped by Turing. External weaknesses (protocol use): Germans forbid the use of the same rotor at the same place for two consecutive days. Repetition of the session key at the start of the message. Some messages had a predictable structure: typically meteorological messages of 6:00 am of the Luftwaffe. Operator’s bias: always the same three settings (surname of his fiancee...) F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 17 / 48

  20. Cryptography is not Enough Enigma Cryptanalysis Marjan Rejevski First Attempts By espionnage French had a copy of the Enigma machine, given to the Polish (30’s). F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 18 / 48

  21. Cryptography is not Enough Enigma Cryptanalysis Marjan Rejevski First Attempts By espionnage French had a copy of the Enigma machine, given to the Polish (30’s). Marjan Rejevsky was a young polish mathematician who found a way to exploit the protocol weakness of the germans (repetition of the session key). F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 18 / 48

  22. Cryptography is not Enough Enigma Cryptanalysis Marjan Rejevski First Attempts By espionnage French had a copy of the Enigma machine, given to the Polish (30’s). Marjan Rejevsky was a young polish mathematician who found a way to exploit the protocol weakness of the germans (repetition of the session key). = ⇒ The first and fourth letters are the same ones. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 18 / 48

  23. Cryptography is not Enough Enigma Cryptanalysis Marjan Rejevski First Attempts By espionnage French had a copy of the Enigma machine, given to the Polish (30’s). Marjan Rejevsky was a young polish mathematician who found a way to exploit the protocol weakness of the germans (repetition of the session key). = ⇒ The first and fourth letters are the same ones. Using all the message sent in one day it is easy to construct a corresping alphabet like: First Letter ABCDEFGHIJKLMNOPQRSTUVWXYZ Fourth Letter XFEARBSLHQIGCVDZWKMNJUOYTP This table is independant from the plugboard. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 18 / 48

  24. Cryptography is not Enough Enigma Cryptanalysis Rejevski’s cycles Given a corresponding alphabet one can factor it in cycles. For instance in First Letter ABCDEFGHIJKLMNOPQRSTUVWXYZ Fourth Letter XFEARBSLHQIGCVDZWKMNJUOYTP One can make the cycles A → X → Y → T → N → V → U → J → Q → W → O → D → A B → F → B C → E → R → K → I → H → L → G → S → M → C P → Z → P F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 19 / 48

  25. Cryptography is not Enough Enigma Cryptanalysis Rejevski’s cycles Given a corresponding alphabet one can factor it in cycles. For instance in First Letter ABCDEFGHIJKLMNOPQRSTUVWXYZ Fourth Letter XFEARBSLHQIGCVDZWKMNJUOYTP One can make the cycles A → X → Y → T → N → V → U → J → Q → W → O → D → A B → F → B C → E → R → K → I → H → L → G → S → M → C P → Z → P It turns out that this decomposition in cycles is unique with relation to the original setting of the rotors (like DNA code for it). F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 19 / 48

  26. Cryptography is not Enough Enigma Cryptanalysis Rejevski’s cycles Given a corresponding alphabet one can factor it in cycles. For instance in First Letter ABCDEFGHIJKLMNOPQRSTUVWXYZ Fourth Letter XFEARBSLHQIGCVDZWKMNJUOYTP One can make the cycles A → X → Y → T → N → V → U → J → Q → W → O → D → A B → F → B C → E → R → K → I → H → L → G → S → M → C P → Z → P It turns out that this decomposition in cycles is unique with relation to the original setting of the rotors (like DNA code for it). ⇒ Just make a big book with all combinations ! (26 3 × 10) = F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 19 / 48

  27. Cryptography is not Enough Enigma Cryptanalysis Rejevski’s cycles Given a corresponding alphabet one can factor it in cycles. For instance in First Letter ABCDEFGHIJKLMNOPQRSTUVWXYZ Fourth Letter XFEARBSLHQIGCVDZWKMNJUOYTP One can make the cycles A → X → Y → T → N → V → U → J → Q → W → O → D → A B → F → B C → E → R → K → I → H → L → G → S → M → C P → Z → P It turns out that this decomposition in cycles is unique with relation to the original setting of the rotors (like DNA code for it). ⇒ Just make a big book with all combinations ! (26 3 × 10) = It is not over: plugboard ? (easy to crack by hand. Do you find out how ?) F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 19 / 48

  28. Cryptography is not Enough Enigma Cryptanalysis Cryptanalysis Automated: A. Turing at Bletchley Park In may 1937 Germans changed their protocols and Rejevsky’s attack was no longer possible. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 20 / 48

  29. Cryptography is not Enough Enigma Cryptanalysis Cryptanalysis Automated: A. Turing at Bletchley Park In may 1937 Germans changed their protocols and Rejevsky’s attack was no longer possible. Turing noted a similarity between messages: clear text attack. Famous example wetter in the message of the meteorological site. Called “cribs” it can lead to an attack. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 20 / 48

  30. Cryptography is not Enough Enigma Cryptanalysis Cryptanalysis Automated: A. Turing at Bletchley Park In may 1937 Germans changed their protocols and Rejevsky’s attack was no longer possible. Turing noted a similarity between messages: clear text attack. Famous example wetter in the message of the meteorological site. Called “cribs” it can lead to an attack. Suppose you know that the message) starts with: WETTERUEBERSICHTNULLSECHSNULLNULL Consider the cyphertext: W E T T E R U E B E R S I C H T E R G H W T S S K J F E G L A W There is a cycle W → 0 E → 1 R → 4 T → 16 W F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 20 / 48

  31. Cryptography is not Enough Enigma Cryptanalysis Cryptanalysis Bombe (schema) How to automatically discovers those cycles ? We can try to work on 4 machines in parallel. By linking them together, and setting them correctly, following the crib we can close an electrical circuit: F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 21 / 48

  32. Cryptography is not Enough Enigma Cryptanalysis Turing’s Cryptanalysis Bombe F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 22 / 48

  33. Cryptography is not Enough Enigma Cryptanalysis Information War War actions were made to make the Germans communicate. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 23 / 48

  34. Cryptography is not Enough Enigma Cryptanalysis Information War War actions were made to make the Germans communicate. = ⇒ indeed Allies knew how geographic data were encoded (standard espionage). F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 23 / 48

  35. Cryptography is not Enough Enigma Cryptanalysis Information War War actions were made to make the Germans communicate. = ⇒ indeed Allies knew how geographic data were encoded (standard espionage). Allies knew where the U-boot were, they could have destroyed them all at once... but the Germans would have switched their cryptosystems. How to use the information ? F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 23 / 48

  36. Cryptography is not Enough Enigma Cryptanalysis Information War War actions were made to make the Germans communicate. = ⇒ indeed Allies knew how geographic data were encoded (standard espionage). Allies knew where the U-boot were, they could have destroyed them all at once... but the Germans would have switched their cryptosystems. How to use the information ? F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 23 / 48

  37. Cryptography is not Enough Enigma Cryptanalysis Conclusion The mathematics of the cryptosystem is just a paramater among others: F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 24 / 48

  38. Cryptography is not Enough Enigma Cryptanalysis Conclusion The mathematics of the cryptosystem is just a paramater among others: espionage, F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 24 / 48

  39. Cryptography is not Enough Enigma Cryptanalysis Conclusion The mathematics of the cryptosystem is just a paramater among others: espionage, protocol applications, F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 24 / 48

  40. Cryptography is not Enough Enigma Cryptanalysis Conclusion The mathematics of the cryptosystem is just a paramater among others: espionage, protocol applications, practical implementations, F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 24 / 48

  41. Cryptography is not Enough Enigma Cryptanalysis Conclusion The mathematics of the cryptosystem is just a paramater among others: espionage, protocol applications, practical implementations, sheer luck,... F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 24 / 48

  42. Cryptography is not Enough Enigma Cryptanalysis Conclusion The mathematics of the cryptosystem is just a paramater among others: espionage, protocol applications, practical implementations, sheer luck,... No such thing as coincidence... F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 24 / 48

  43. Cryptography is not Enough Naive Anonymization Just doesn’t Work Plan Cryptography is not Enough 1 Enigma Cryptanalysis Naive Anonymization Just doesn’t Work Information Theory Cryptology: [Shannon, 1949] 2 Information theoretic studies of cryptosystems Entropy of passwords Conclusion 3 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 25 / 48

  44. Cryptography is not Enough Naive Anonymization Just doesn’t Work Practical Case of de-Anonymization: Netflix Striking results [Narayanan and Shmatikov, 2009]. Netflix publishes a subset of its customer data: the aim is to produce usefull suggestions for movies in pay per view. Users Movies/Marks Movies/marks hidden 456789 87/4, 998/2, 687/4 954/2, 486/4 654953 45/3, 743/3, 486/4 687/3, 45/4 ... Data are simply anonymized by changing the real name to a random number. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 26 / 48

  45. Cryptography is not Enough Naive Anonymization Just doesn’t Work Practical Case of de-Anonymization: Netflix Striking results [Narayanan and Shmatikov, 2009]. Netflix publishes a subset of its customer data: the aim is to produce usefull suggestions for movies in pay per view. Users Movies/Marks Movies/marks hidden 456789 87/4, 998/2, 687/4 954/2, 486/4 654953 45/3, 743/3, 486/4 687/3, 45/4 ... Data are simply anonymized by changing the real name to a random number. R´ esults : 99% of correct de-anonymization for more than 8 marks (84% if one forget about the date when the mark was set if non mainstream movies are seen). F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 26 / 48

  46. Cryptography is not Enough Naive Anonymization Just doesn’t Work Social Data Anonymization: Dimensions and Principles Problem more down to the earth than non-interference: Partial knowledge of the graph by the opponent. Active attacker (embedding fake sub graphs to re-identify them). Object of interests vary from one data set to another. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 27 / 48

  47. Cryptography is not Enough Naive Anonymization Just doesn’t Work Social Data Anonymization: Dimensions and Principles Problem more down to the earth than non-interference: Partial knowledge of the graph by the opponent. Active attacker (embedding fake sub graphs to re-identify them). Object of interests vary from one data set to another. Hence three important points to consider: Background Knowledge: What does the opponent know ? Model of 1 the opponent. Privacity: what is attacked ? 2 Usage: How the data is going to be analyzed ? 3 = ⇒ Anonymizing techniques F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 27 / 48

  48. Cryptography is not Enough Naive Anonymization Just doesn’t Work Social Data Anonymization: Techniques Two families: Clustering: group together edges and nodes. k-anonymity (and l-diversity): there should be at least k-1 other candidates with similar features. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 28 / 48

  49. Cryptography is not Enough Naive Anonymization Just doesn’t Work Social Data Anonymization: Techniques Two families: Clustering: group together edges and nodes. k-anonymity (and l-diversity): there should be at least k-1 other candidates with similar features. Let us focus on the k-anonymity approach: the problem amounts to create G ′ such that G ′ = G 1 ⊕ G 2 ⊕ ... ⊕ G k such that G i s are isomorphic graphs. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 28 / 48

  50. Cryptography is not Enough Naive Anonymization Just doesn’t Work Social Data Anonymization: Techniques Two families: Clustering: group together edges and nodes. k-anonymity (and l-diversity): there should be at least k-1 other candidates with similar features. Let us focus on the k-anonymity approach: the problem amounts to create G ′ such that G ′ = G 1 ⊕ G 2 ⊕ ... ⊕ G k such that G i s are isomorphic graphs. It is NP-hard to find graph transformations minimizing the editing distance between a graph and a k -isomorphic graph. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 28 / 48

  51. Cryptography is not Enough Naive Anonymization Just doesn’t Work Social Data Anonymization: Techniques Two families: Clustering: group together edges and nodes. k-anonymity (and l-diversity): there should be at least k-1 other candidates with similar features. Let us focus on the k-anonymity approach: the problem amounts to create G ′ such that G ′ = G 1 ⊕ G 2 ⊕ ... ⊕ G k such that G i s are isomorphic graphs. It is NP-hard to find graph transformations minimizing the editing distance between a graph and a k -isomorphic graph. One tentative: select 1 / k nodes randomly, create k clones, link the clones together e.g. with categorical graph transformation approaches. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 28 / 48

  52. Information Theory Cryptology: [Shannon, 1949] Plan Cryptography is not Enough 1 Enigma Cryptanalysis Naive Anonymization Just doesn’t Work Information Theory Cryptology: [Shannon, 1949] 2 Information theoretic studies of cryptosystems Entropy of passwords Conclusion 3 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 29 / 48

  53. Information Theory Cryptology: [Shannon, 1949] IT and Privacy : Art or Science ? Computer science : art or science ? “The Art of Computer Programming”, D.E. Knuth. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 30 / 48

  54. Information Theory Cryptology: [Shannon, 1949] IT and Privacy : Art or Science ? Computer science : art or science ? “The Art of Computer Programming”, D.E. Knuth. Basic issue in privacy : how do you study the strength of a cryptosystem ? Computational security. Provable security. Unconditional security. What attack are considered ? Cyphertext only ? Plaintext attack ? Partial plaintext ? etc. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 30 / 48

  55. Information Theory Cryptology: [Shannon, 1949] Information Theory 101 First things first: What is information ? F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 31 / 48

  56. Information Theory Cryptology: [Shannon, 1949] Information Theory 101 First things first: What is information ? = ⇒ ultimately it can be seen as the way to reduce incertainty. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 31 / 48

  57. Information Theory Cryptology: [Shannon, 1949] Information Theory 101 First things first: What is information ? = ⇒ ultimately it can be seen as the way to reduce incertainty. Pioneer work of C.E. Shannon: “A mathematical Theory of communication”, The Bell System Technical Journal, vol. 27, 1948. “Communication Theory of Secrecy Systems”, The Bell System Technical Journal, vol. 28, 1949. It is a study of probability theory. More precisely how probability distribution is affected by some hypotheses. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 31 / 48

  58. Information Theory Cryptology: [Shannon, 1949] Discrete Probabilities Discrete random variable: X Probability distribution: P s. t. � i ∈ I Pr P [ X = x i ] = 1 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 32 / 48

  59. Information Theory Cryptology: [Shannon, 1949] Discrete Probabilities Discrete random variable: X Probability distribution: P s. t. � i ∈ I Pr P [ X = x i ] = 1 Joint Probability: Pr P , Q [ X = x , Y = y ] Conditional Probability: Pr P , Q [ X = x | Y = y ] F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 32 / 48

  60. Information Theory Cryptology: [Shannon, 1949] Discrete Probabilities Discrete random variable: X Probability distribution: P s. t. � i ∈ I Pr P [ X = x i ] = 1 Joint Probability: Pr P , Q [ X = x , Y = y ] Conditional Probability: Pr P , Q [ X = x | Y = y ] Pr P , Q [ x , y ] = Pr P , Q [ x | y ] Pr Q [ y ] = Pr Q , P [ y | x ] Pr P [ x ] F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 32 / 48

  61. Information Theory Cryptology: [Shannon, 1949] Discrete Probabilities Discrete random variable: X Probability distribution: P s. t. � i ∈ I Pr P [ X = x i ] = 1 Joint Probability: Pr P , Q [ X = x , Y = y ] Conditional Probability: Pr P , Q [ X = x | Y = y ] Pr P , Q [ x , y ] = Pr P , Q [ x | y ] Pr Q [ y ] = Pr Q , P [ y | x ] Pr P [ x ] Theorem (Baye’s theorem) if Pr P [ y ] > 0 then Pr P , Q [ x | y ] = Pr P [ x ] Pr Q , P [ y | x ] Pr Q [ y ] F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 32 / 48

  62. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Plan Cryptography is not Enough 1 Enigma Cryptanalysis Naive Anonymization Just doesn’t Work Information Theory Cryptology: [Shannon, 1949] 2 Information theoretic studies of cryptosystems Entropy of passwords Conclusion 3 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 33 / 48

  63. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Perfect Secrecy How to prove unconditional strength for a cryptosystem ? F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 34 / 48

  64. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Perfect Secrecy How to prove unconditional strength for a cryptosystem ? Formal definition of a cryptosystem: Definition (cryptosystem) ( T , C , K , E , ∆) with: T : clear T exts. C : C yphers. K : Keys. ∀ k ∈ K there is e k ∈ E and d k ∈ ∆ such that e k : T → C d k : C → T and ∀ x ∈ T , one has d k ( e k ( x )) = x F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 34 / 48

  65. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Secrecy and Probabilities Plaintext: X following P . Key: K following equiprobable distribution. Since usually the key is chosen before encryption it is fair to assume K and X are independent random variables. The probability of cyphertexts can be computed from K and X : C ( K ) = { e K ( x ) | x ∈ T } F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 35 / 48

  66. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Secrecy and Probabilities Plaintext: X following P . Key: K following equiprobable distribution. Since usually the key is chosen before encryption it is fair to assume K and X are independent random variables. The probability of cyphertexts can be computed from K and X : C ( K ) = { e K ( x ) | x ∈ T } Pr P [ Y = y ] = � { K | y ∈ C ( K ) } Pr K [ K = K ] Pr P [ x = d K ( y )] F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 35 / 48

  67. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Secrecy and Probabilities Plaintext: X following P . Key: K following equiprobable distribution. Since usually the key is chosen before encryption it is fair to assume K and X are independent random variables. The probability of cyphertexts can be computed from K and X : C ( K ) = { e K ( x ) | x ∈ T } Pr P [ Y = y ] = � { K | y ∈ C ( K ) } Pr K [ K = K ] Pr P [ x = d K ( y )] Pr P [ y = y | x = x ] = � { K | x = d K ( y ) } Pr K [ K = K ] F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 35 / 48

  68. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Secrecy and Probabilities Plaintext: X following P . Key: K following equiprobable distribution. Since usually the key is chosen before encryption it is fair to assume K and X are independent random variables. The probability of cyphertexts can be computed from K and X : C ( K ) = { e K ( x ) | x ∈ T } Pr P [ Y = y ] = � { K | y ∈ C ( K ) } Pr K [ K = K ] Pr P [ x = d K ( y )] Pr P [ y = y | x = x ] = � { K | x = d K ( y ) } Pr K [ K = K ] By Baye’s theorem � Pr P [ x = x ] × Pr K [ K = K ] { K | x = d K ( y ) } Pr P [ x = x | y = y ] = � Pr K [ K = K ] Pr P [ x = d K ( y )] { K | y ∈ C ( K ) } F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 35 / 48

  69. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Defining Perfect Secrecy Definition (Perfect Secrecy) A cryptotsytem has perfect secrecy if: Pr [ x | y ] = Pr [ x ] In other words if the a posteriori probability that the plaintext is x , given the cypher y is identical to the a priori probability that the plaintext is x . One-time pad can be proven to achieve perfect secrecy. Shannon’s perfect secrecy theorem: The cryptosystem has perfect secrecy if and only if each key is used with equal probability 1 / | K | for every plaintext x and ciphertext y, there is a unique key k such that e k ( x ) = y . F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 36 / 48

  70. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Entropy What if the key is used for more than one encryption ? F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 37 / 48

  71. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Entropy What if the key is used for more than one encryption ? Entropy is a mathematical measure of information or uncertainty. = ⇒ computed as function of probability distribution. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 37 / 48

  72. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Entropy What if the key is used for more than one encryption ? Entropy is a mathematical measure of information or uncertainty. = ⇒ computed as function of probability distribution. Suppose X following P : what is learnt through experiments following P ? = ⇒ This is the entropy of X : H ( X ) Imagine a mind game: guess a word while its letters are given one by one. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 37 / 48

  73. Information Theory Cryptology: [Shannon, 1949] Information theoretic studies of cryptosystems Entropy definition Definition (Entropy) Let X follow P , then � H ( X ) = − Pr P [ X = x ] log 2 ( Pr P [ X = x ]) x ∈ X The log is undefined for 0, but the limit is 0... so it is ok in the sum. The choice of the base of the log is arbitrary. Many applications to cryptosystems, eg: Theorem Consider the cryptosystem ( T , C , K , E , ∆) : H ( K | C ) = H ( K ) + H ( P ) − H ( C ) F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 38 / 48

  74. Information Theory Cryptology: [Shannon, 1949] Entropy of passwords Plan Cryptography is not Enough 1 Enigma Cryptanalysis Naive Anonymization Just doesn’t Work Information Theory Cryptology: [Shannon, 1949] 2 Information theoretic studies of cryptosystems Entropy of passwords Conclusion 3 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 39 / 48

  75. Information Theory Cryptology: [Shannon, 1949] Entropy of passwords How to Choose a Password ? By far the most used technology of access control. Problems linked to the number of passwords to manage (reuse?). A lot of advices are available in order to buid a “secure” password. Information theory can help us to scientifically assess whether a password is good. = ⇒ The problem is to find a not too short, but not too long and difficult to rememeber. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 40 / 48

  76. Information Theory Cryptology: [Shannon, 1949] Entropy of passwords How to Choose a Password ? By far the most used technology of access control. Problems linked to the number of passwords to manage (reuse?). A lot of advices are available in order to buid a “secure” password. Information theory can help us to scientifically assess whether a password is good. = ⇒ The problem is to find a not too short, but not too long and difficult to rememeber. In real life: Building of a dictionnary by a scan of the hard drive (50% success rate). Using a password manager is a good compromise. F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup´ Privacy and Computer Science (ECI 2015) Day 1 - Introduction why cryptography is not enough erieure de Lyon) July 2015 40 / 48

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy and Computer Science (ECI 2015) Day 2 - Privacy/Identity from traditional Cryptographic

Privacy and Computer Science (ECI 2015) Day 2 - Privacy/Identity from traditional Cryptographic

Privacy and Computer Science (ECI 2015) Day 2 - Privacy/Identity from traditional Cryptographic Point of View F. Prost Frederic.Prost@ens-lyon.fr Ecole Normale Sup erieure de Lyon July 2015 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale

1.55k views • 117 slides
Privacy and Computer Science (ECI 2015) Day 3 - Non Interference Analyzes F. Prost

Privacy and Computer Science (ECI 2015) Day 3 - Non Interference Analyzes F. Prost

Privacy and Computer Science (ECI 2015) Day 3 - Non Interference Analyzes F. Prost Frederic.Prost@ens-lyon.fr Ecole Normale Sup erieure de Lyon July 2015 F. Prost Frederic.Prost@ens-lyon.fr (Ecole Normale Sup Privacy and Computer Science

1.16k views • 103 slides
Privacy in D.A.T.A. Latanya Sweeney, Ph.D. Assistant Professor of Computer Science, Technology

Privacy in D.A.T.A. Latanya Sweeney, Ph.D. Assistant Professor of Computer Science, Technology

Privacy in D.A.T.A. Latanya Sweeney, Ph.D. Assistant Professor of Computer Science, Technology & Policy Carnegie Mellon University latanya@privacy.cs.cmu.edu http://privacy.cs.cmu.edu/ The Question in this Talk Can computer scientists

801 views • 77 slides
Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of

Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of

Department of Computer Science Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of Computer Science Outline Introduction Link Layer (L2) addressing Privacy-based analysis of related

639 views • 18 slides
2020 Vision For Web Privacy Eric Chan-Tin Assistant Professor Department of Computer Science

2020 Vision For Web Privacy Eric Chan-Tin Assistant Professor Department of Computer Science

2020 Vision For Web Privacy Eric Chan-Tin Assistant Professor Department of Computer Science Loyola University Chicago SNTA20 Keynote What does Privacy mean to you? What does Privacy mean to you? Personal What you buy What you

1.12k views • 58 slides
Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor

Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor

Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor Computer Science, ECE, CyLab Carnegie Mellon University February 2014 Personal Information is Everywhere 2 Research Challenge Programs and

682 views • 57 slides
Privacy Does Matter! Haojin Zhu Professor Computer Science & Engineering Shanghai Jiao Tong

Privacy Does Matter! Haojin Zhu Professor Computer Science & Engineering Shanghai Jiao Tong

Privacy Does Matter! Haojin Zhu Professor Computer Science & Engineering Shanghai Jiao Tong University Scope of Privacy in This Talk Data about individuals Collection, using, and sharing of such data Privacy is primarily a

1.18k views • 98 slides
15-251 Great Theoretical Ideas in Computer Science Lecture 1: Introduction to the course

15-251 Great Theoretical Ideas in Computer Science Lecture 1: Introduction to the course

15-251 Great Theoretical Ideas in Computer Science Lecture 1: Introduction to the course Instructors: Ariel Procaccia Anil Ada September 1st, 2015 What is theoretical computer science? What is computer science? Writing computer programs

730 views • 55 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Privacy Preserving Data Mining Li Xiong Department of Mathematics and Computer Science

Privacy Preserving Data Mining Li Xiong Department of Mathematics and Computer Science

CS378 Introduction to Data Mining Privacy Preserving Data Mining Li Xiong Department of Mathematics and Computer Science Department of Biomedical Informatics Emory University Netflix Sequel 2006, Netflix announced the challenge 2007,

951 views • 58 slides
Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER SCIENCE? DATA SCIE DA SCIENCE: ST STATIS ISTICS TICS OR OR CO COMPU MPUTER ER SCIEN SCIENCE? IMPLICATIONS FOR STATISTICS EDUCATION IMPLIC ICATION

608 views • 24 slides
Privacy & Social Media Lisa Singh, PhD Department of Computer Science Georgetown University

Privacy & Social Media Lisa Singh, PhD Department of Computer Science Georgetown University

Privacy & Social Media Lisa Singh, PhD Department of Computer Science Georgetown University Outline Our world on the Internet Data privacy in a public profile world Methods for determining our web footprints Taking control of

717 views • 33 slides
Identifying and Preventing Conditions for Web Privacy Leakage Craig E. Wills Computer Science

Identifying and Preventing Conditions for Web Privacy Leakage Craig E. Wills Computer Science

Identifying and Preventing Conditions for Web Privacy Leakage Craig E. Wills Computer Science Department Worcester Polytechnic Institute Worcester, MA USA W3C Workshop on Web Tracking and User Privacy April, 2011 1 Its Not Just Tracking

474 views • 4 slides
Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Do Computer Science Definitions of Privacy Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS LAW Kobbi Nissim Ben-Gurion University Center for Research on Computation and Society

865 views • 62 slides
CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory University Today Meet everyone in class Course overview Why data privacy and security What is data privacy and security What we

810 views • 70 slides
Introduction to Temporal Logic Mads Dam Theoretical Computer Science KTH, 2015 About the Course

Introduction to Temporal Logic Mads Dam Theoretical Computer Science KTH, 2015 About the Course

Introduction to Temporal Logic Mads Dam Theoretical Computer Science KTH, 2015 About the Course Lecturers Content Examination Lecture material Registration What is TL About? Formalised properties of time-varying systems

1.04k views • 41 slides
CS5460: Operating Systems Lecture 1: Course Overview (Chapter 1) CS 5460: Operating Systems

CS5460: Operating Systems Lecture 1: Course Overview (Chapter 1) CS 5460: Operating Systems

CS5460: Operating Systems Lecture 1: Course Overview (Chapter 1) CS 5460: Operating Systems Lecture 1 What is an Operating System? Interface between user and hardware Exports simpler virtual machine interface Hides ugly

368 views • 22 slides
Historical Time Periods Kamil Matouek The Gerstner Laboratory Department of Cybernetics

Historical Time Periods Kamil Matouek The Gerstner Laboratory Department of Cybernetics

Temporal Ontology for Representation and Reasoning about Uncertain Historical Time Periods Kamil Matouek The Gerstner Laboratory Department of Cybernetics Faculty of Electrical Engineering Czech Technical University in Prague 1 1 MoDyS

751 views • 49 slides
PLS 2013 The road from Leibniz to Turing From Syllogisms to Computations

PLS 2013 The road from Leibniz to Turing From Syllogisms to Computations

PLS 2013 The road from Leibniz to Turing From Syllogisms to Computations () () Tribute to Alan Turing Stathis Zachos National Technical University of Athens 2 Engines of Logic Our life today is

720 views • 40 slides
2014

2014

1 2014 2 Enigma g

491 views • 8 slides
Background markers of two languages. Urdu sE is used for different English prepositions in

Background markers of two languages. Urdu sE is used for different English prepositions in

11/16/2012 Presentation Plan Spatial markers in Background Semantics South Asian languages Polysemy Representation of Spatial markers Tafseer Ahmed A study of South Asian spatial markers University of Karachi Saptial

432 views • 11 slides
A novel class of bispecific PSMA/GRPR targeting radioligands with optimized pharmacokinetics for

A novel class of bispecific PSMA/GRPR targeting radioligands with optimized pharmacokinetics for

Development of bispecific PSMA/GRPr targeting radioligands with optimized pharmacokinetics for PET imaging of prostate cancer Liolios C. 1 , Schfer M. 1 , Bauder-Wst U. 1 , Haberkorn U. 2 , Eder M. 1 , Kopka K. 1 1 Division of

321 views • 19 slides
ARCHIVING & PRESERVING WEB CONTENT THE INTERNET ARCHIVE What? A non-profit digital library

ARCHIVING & PRESERVING WEB CONTENT THE INTERNET ARCHIVE What? A non-profit digital library

ARCHIVING & PRESERVING WEB CONTENT THE INTERNET ARCHIVE What? A non-profit digital library and archive Where? San Francisco, CA When? Who? Founded in 1996 by Brewster Kahle How? Officially designated a library by the state of California

427 views • 24 slides
MULTIFLEX - a Formalism and a Tool for the Computational Morphology of Multi-Word Units Agata

MULTIFLEX - a Formalism and a Tool for the Computational Morphology of Multi-Word Units Agata

MULTIFLEX - a Formalism and a Tool for the Computational Morphology of Multi-Word Units Agata SAVARY Universit Franois Rabelais Laboratoire dInformatique IUT de Blois IPI PAN Seminar Warszawa, Jan 5, 2007 Multi-Word Units (MWUs)

595 views • 34 slides

More recommend