
Privacy Enhancing Technologies. Carmela Troncoso, Gradiant, PRIPARE (PowerPoint presentation)



  1. Trialog, Atos, Trilateral, Inria, AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT, KU Leuven. Privacy Enhancing Technologies. Carmela Troncoso, Gradiant. PRIPARE Workshop on Privacy by Design, Ulm, 9th-10th March 2015. 11/03/2015 Privacy Enhancing Technologies 1

  2. Outline
  • What are privacy enhancing technologies?
  • Privacy Enhancing Technologies
    – PETs for personal data management
    – PETs for data disclosure minimization
  • Conclusions

  3. What are privacy enhancing technologies?

  4. What is privacy?
  • So far in the workshop:
    – An abstract and subjective concept, hard to define
    – Popular definitions:
      • "The right to be let alone": freedom from intrusion
      • "Informational self-determination": focus on control
    – EU Data Protection Directive (95/46/EC): what data can be collected and how it should be protected
    – Privacy controls: a more detailed, high-level description
  • And from a technical point of view?
    – Privacy properties

  5. Privacy properties: Anonymity
  • Hiding the link between an identity and an action or piece of information.
    – Reader of a web page, person accessing a service
    – Sender of an email, writer of a text
    – Person to whom an entry in a database relates
    – Person present in a physical location
  • Definitions:
    – Pfitzmann-Hansen (PH) [1]: "Anonymity is the state of being not identifiable within a set of subjects, the anonymity set [...] The anonymity set is the set of all possible subjects who might cause an action" [pattern: Anonymity set]
    – ISO 29100 [2] defines anonymity as a "characteristic of information that does not permit a personally identifiable information principal to be identified directly or indirectly"
  • In practice it is a probabilistic definition: the adversary assigns each subject in the anonymity set a probability of having caused the action, and anonymity is measured by how far that distribution is from singling one subject out.
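The "probabilistic definition" on slide 5 is usually made concrete with an entropy-based metric: the adversary's probability distribution over the anonymity set is summarised by its Shannon entropy, normalised by the entropy of a uniform distribution over the same set. The following is an added example, not code from the slides or from the PRIPARE project; the attacker weights, user names and the "exclude" step are constructed inputs.

```python
import math

# Constructed attacker view (not from the slides): seven users submitted messages to
# a mix in the same batch, and the adversary has assigned each one a weight
# proportional to how likely she thinks that user sent the target message (for
# instance from timing correlation). Weights need not be normalised.
BATCH_ATTACKER_WEIGHTS = {
    "alice": 10, "bob": 5, "carol": 1, "dave": 1, "erin": 1, "frank": 1, "grace": 1,
}


def normalise(weights: dict) -> dict:
    """Turn positive weights into a probability distribution over the anonymity set."""
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("weights must sum to a positive value")
    return {subject: w / total for subject, w in weights.items()}


def entropy_bits(probs) -> float:
    """Shannon entropy in bits; subjects with probability 0 contribute nothing."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def degree_of_anonymity(weights: dict) -> float:
    """Normalised entropy in [0, 1]: 1.0 means the adversary cannot prefer any subject
    over another, 0.0 means one subject is singled out with certainty."""
    n = len(weights)
    if n <= 1:
        return 0.0
    return entropy_bits(normalise(weights).values()) / math.log2(n)


def effective_anonymity_set_size(weights: dict) -> float:
    """2**H: the size of a uniform anonymity set that would give the same uncertainty.
    A set of 7 subjects can be 'worth' far fewer if the distribution is skewed."""
    return 2 ** entropy_bits(normalise(weights).values())


def exclude(weights: dict, ruled_out) -> dict:
    """Model the adversary learning for certain that some subjects could not have acted
    (e.g. they were offline); the anonymity set shrinks and the degree drops."""
    return {s: w for s, w in weights.items() if s not in set(ruled_out)}


if __name__ == "__main__":
    for label, w in [("uniform", {s: 1 for s in BATCH_ATTACKER_WEIGHTS}),
                     ("skewed", BATCH_ATTACKER_WEIGHTS),
                     ("after exclusion", exclude(BATCH_ATTACKER_WEIGHTS, ["bob", "carol", "dave"]))]:
        print(f"{label:16s} degree={degree_of_anonymity(w):.3f} "
              f"effective set size={effective_anonymity_set_size(w):.2f} of {len(w)}")
```

The skewed batch still has seven candidate senders, but the adversary's uncertainty is equivalent to a uniform set of only about four, which is the number a designer should reason about when sizing mix batches or cover traffic.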

  6. Privacy properties: Pseudonymity
  • Definitions:
    – PH [1]: "Pseudonymity is the use of pseudonyms as IDs [...] A digital pseudonym is a bit string which is unique as ID and which can be used to authenticate the holder" [pattern: Pseudonymous identity]
    – ISO 15408 [3]: "pseudonymity ensures that a user may use a resource or service without disclosing its identity, but can still be accountable for that use."
  • Spectrum of pseudonym schemes:
    – Persistent pseudonyms: one pseudonym reused everywhere (in effect an identity!)
    – One-time pseudonyms: a fresh pseudonym for every action (anonymity)
    – Hybrid: a different pseudonym per context or role (multiple identities)

  7. Privacy properties: Unlinkability
  • Hiding the link between two or more actions, identities or pieces of information
    – Two anonymous letters written by the same person
    – Two web page visits by the same user
    – Entries in two databases relating to the same person
    – Two people related by a friendship link
    – The same person spotted in two locations at different points in time
  • Definitions
    – PH [1]: "Unlinkability of two or more items means that within a system, these items are no more and no less related than they are related concerning the a-priori knowledge"
    – ISO 15408 [3]: "unlinkability ensures that a user may make multiple uses of resources or services without others being able to link these uses together"
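The three pseudonym flavours of slide 6 and the unlinkability property of slide 7 are two sides of one design decision: how a pseudonym is derived determines which of a user's actions an observer can link. The following is an added example, not code from the slides or from the PRIPARE project. It assumes a hypothetical identity provider that holds a secret key and derives pseudonyms with HMAC-SHA256; the services, user names and key are constructed for the demonstration. Only the key holder can map pseudonyms back to identities, which is what preserves accountability in the ISO 15408 sense.

```python
import hashlib
import hmac
import secrets


class PseudonymIssuer:
    """Hypothetical identity provider (assumption, not from the slides) that issues
    pseudonyms under a secret key. Services see pseudonyms only."""

    def __init__(self, key: bytes):
        self._key = key

    def _prf(self, *parts: str) -> str:
        # Domain-separate the inputs with a byte that cannot appear in the constructed
        # identifiers, so ("a", "bc") and ("ab", "c") never derive the same pseudonym.
        msg = "\x00".join(parts).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]

    def persistent(self, user_id: str) -> str:
        """One pseudonym for everything: stable across services, so it is an identity."""
        return self._prf("persistent", user_id)

    def hybrid(self, user_id: str, context: str) -> str:
        """Context-specific pseudonym: stable within one service (accountable there),
        unrelated across services without the key (unlinkable there)."""
        return self._prf("hybrid", context, user_id)

    def one_time(self, user_id: str) -> str:
        """Fresh random pseudonym per action; the issuer would have to log the mapping
        if it ever needed to hold the user accountable."""
        return secrets.token_hex(8)


def linked_across_services(log_a: set, log_b: set) -> int:
    """What an observer holding both services' logs can do with no extra knowledge:
    link a user exactly when the same pseudonym shows up in both logs."""
    return len(log_a & log_b)


def linkability_report(issuer: PseudonymIssuer, users, service_a: str, service_b: str) -> dict:
    """Number of users linkable across the two services, per pseudonym scheme."""
    return {
        "persistent": linked_across_services(
            {issuer.persistent(u) for u in users}, {issuer.persistent(u) for u in users}),
        "hybrid": linked_across_services(
            {issuer.hybrid(u, service_a) for u in users}, {issuer.hybrid(u, service_b) for u in users}),
        "one_time": linked_across_services(
            {issuer.one_time(u) for u in users}, {issuer.one_time(u) for u in users}),
    }


def accountable_within_service(issuer: PseudonymIssuer, user: str, service: str) -> bool:
    """Two actions by the same user at the same service carry the same hybrid pseudonym,
    so the service can attribute both to one (pseudonymous) account."""
    return issuer.hybrid(user, service) == issuer.hybrid(user, service)


# Constructed inputs: demo key and users, not real credentials.
USERS = ["alice", "bob", "carol"]
DEMO_KEY = b"constructed-demo-key-do-not-reuse"

if __name__ == "__main__":
    issuer = PseudonymIssuer(DEMO_KEY)
    print(linkability_report(issuer, USERS, "shop.example", "forum.example"))
```

The PH definition says unlinkability holds when two items are "no more and no less related" than the a-priori knowledge allows; with persistent pseudonyms the logs themselves add the missing relation, with hybrid or one-time pseudonyms the observer is back to the prior. Note that unlinkability of the identifier does not cover side information such as timestamps, writing style or IP addresses, which this example deliberately leaves out.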

  8. Privacy properties: Unobservability
  • Hiding user activity altogether.
    – whether someone is accessing a web page
    – whether an entry in a database corresponds to a real person
    – whether someone or no one is in a given location
  • Definitions
    – PH [1]: "Unobservability is the state of items of interest being indistinguishable from any item of interest at all [...] Sender unobservability then means that it is not noticeable whether any sender within the unobservability set sends."
    – ISO 15408 [3]: "unobservability ensures that a user may use a resource or service without others, especially third parties, being able to observe that the resource or service is being used."

  9. Privacy properties: Plausible deniability
  • It is not possible to prove that a user knows, has done or has said something
    – Off-the-record conversations
    – Resistance to coercion:
      • Not possible to prove that a person has hidden information on a computer
      • Not possible to know that someone has the combination to a safe
    – Possibility to deny having been in a place at a certain point in time
    – Possibility to deny that a database record belongs to a person

  10. Privacy properties
  • So far it was about de-coupling identity and actions
  • But we could keep the identity and hide the data
    – Cryptographic security properties
    – No similarly widely accepted definitions exist for other means; the previous properties are building blocks
  • Differential privacy: a database looks "almost" the same before and after an event (one person's record being added or removed) occurs.
    – Achieved by adding specially calibrated noise to the answers of queries
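The "special noise" of slide 10 is noise calibrated to how much a single record can change a query answer. For a counting query that change is at most 1, and adding Laplace noise with scale 1/ε guarantees that any output is at most e^ε times more likely on the database with the record than without it. The following is an added example, not code from the slides or from the PRIPARE project; the toy database, attribute and ε are constructed, and the privacy-loss check is the textbook Laplace-mechanism bound.

```python
import math
import random

# Constructed toy database (not from the slides): one record per person. The query
# "how many smokers?" has sensitivity 1: adding or removing one person changes the
# true answer by at most 1.
DATABASE = [
    {"name": "alice", "smoker": True},
    {"name": "bob", "smoker": False},
    {"name": "carol", "smoker": True},
    {"name": "dave", "smoker": False},
    {"name": "erin", "smoker": True},
]


def count_query(db, attribute: str) -> int:
    return sum(1 for row in db if row[attribute])


def laplace_sample(rng: random.Random, scale: float) -> float:
    # The difference of two independent exponentials with mean `scale` is Laplace(0, scale).
    # random.Random is not a CSPRNG and floating-point Laplace sampling is known to leak
    # low-order bits in practice; production code uses a vetted exact sampler.
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def noisy_count(db, attribute: str, epsilon: float, seed=None, sensitivity: float = 1.0) -> float:
    """Laplace mechanism: true count plus Laplace(0, sensitivity / epsilon) noise."""
    rng = random.Random(seed)
    return count_query(db, attribute) + laplace_sample(rng, sensitivity / epsilon)


def laplace_pdf(x: float, loc: float, scale: float) -> float:
    return math.exp(-abs(x - loc) / scale) / (2 * scale)


def privacy_loss(output: float, db, neighbour, attribute: str, epsilon: float,
                 sensitivity: float = 1.0) -> float:
    """ln( Pr[output | db] / Pr[output | neighbour] ). ε-differential privacy means this
    never exceeds ε in absolute value, for any output and any pair of neighbouring databases."""
    scale = sensitivity / epsilon
    p = laplace_pdf(output, count_query(db, attribute), scale)
    q = laplace_pdf(output, count_query(neighbour, attribute), scale)
    return math.log(p / q)


def max_privacy_loss(db, neighbour, attribute: str, epsilon: float, grid=None) -> float:
    """Largest |privacy loss| over a grid of candidate outputs (the bound is attained for
    any output beyond both true counts, so a grid straddling them is enough)."""
    grid = grid if grid is not None else [x / 4 for x in range(-80, 160)]
    return max(abs(privacy_loss(x, db, neighbour, attribute, epsilon)) for x in grid)


def without(db, name: str):
    """Neighbouring database: the same data with one person's record removed."""
    return [row for row in db if row["name"] != name]


if __name__ == "__main__":
    eps = 0.5
    neighbour = without(DATABASE, "alice")
    print("true count:", count_query(DATABASE, "smoker"), "neighbour:", count_query(neighbour, "smoker"))
    print("noisy count:", round(noisy_count(DATABASE, "smoker", eps, seed=1), 2))
    print("max privacy loss:", round(max_privacy_loss(DATABASE, neighbour, "smoker", eps), 4), "<= eps", eps)
```

The same machinery generalises: a query whose answer can move by Δ when one record changes needs scale Δ/ε, and repeated queries add up their ε budgets, which is why deployments track a per-person budget rather than answering indefinitely.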


  12. Privacy enhancing technologies
  • Technologies that enable users to preserve their privacy
    – In terms of technical properties
  • From whom?
    1. Third parties: the data controller/processor is trusted (or the data must be disclosed to it anyway)
      • PETs for personal data management ["soft privacy"]
      • Support to data protection
    2. The data controller/processor itself: no trust
      • PETs for data disclosure minimization (i.e., minimize the trust required) ["hard privacy"]
      • "Ultimate" data protection

  13. PETs for personal data management

  14. PETs for decision support [Privacy as control / Privacy as practice]
  • Give the data subject insight into how her data is being collected, stored, processed and disclosed, so that she can make well-informed decisions [pattern: Protection against tracking]
  • Transparency-Enhancing Technologies (TETs) [4]
    – Google Dashboard: what personal data is stored and who has access to it
    – Collusion (Firefox add-on): lists the entities tracking the user
    – Mozilla Privacy Icons: a simple visual language to make privacy policies more understandable
    – Privacy Bird (IE add-on): shows the user, with an icon, whether a web page's policy complies with her preferred policy
  • Challenges
    – How to provide information that is useful to users
      • How to convey it
      • How to make users understand it

  15. PETs for consent support [Privacy as control / Privacy as practice]
  • Provide users with means to express their privacy preferences and give consent [pattern: Protection against tracking]
  • Privacy policy languages (P3P, S4P, SIMPL)
    – Automated processing and comparison with the user's preferences
    – Difficult to make unambiguous and to inform users about (TETs)
    – Difficult to standardize and to make expressive
  • Anti-tracking
    – Do Not Track options: a header the browser sends to signal that the user does not want personal data collected for tracking; honouring it is up to the site
    – TrackMeNot plugin: hides real searches among automatically generated decoy queries, rendering the collected data useless

  16. PETs for enforcement support [Privacy as control / Privacy as practice]
  • Provide users with means to enforce their preferences
  • Locally, "easy": blockers (pop-ups, ads, cookies, ...)
  • Remotely
    – Sticky policies attached to the data (e.g., a trusted third party holds the encryption keys and discloses them only when the policy's conditions are met)
    – Use of trusted hardware (HSMs, TPMs) to process the data "out" of the server's control
