privacy enhancing t echnologies
play

Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE - PowerPoint PPT Presentation

Jan 05, 2023 •172 likes •668 views

T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design Ulm 9 th -10 th March 2015 11/03/2015 Privacy

  1. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design Ulm 9 th -10 th March 2015 11/03/2015 Privacy Enhancing T echnologies 1

  2. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Outline • What are privacy enhancing technologies? • Privacy Enhancing T echnologies – PET s for personal data management – PET s for data disclosure minimization • Conclusions 11/03/2015 Privacy Enhancing T echnologies 2

  3. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve What are privacy enhancing technologies? 11/03/2015 Privacy Enhancing T echnologies 3

  4. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve What is privacy? • So far in the workshop: – Abstract and subjective concept, hard to defjne – Popular defjnitions: • “The right to be let alone”: freedom from intrusion • “Informational self-determination” : focus on control – EU Regulation Data Protection Directive (95/46/EC) • What data can be collected and how should it be protected – Privacy controls: more detailed high level description • And from a technical point of view? – Privacy properties 11/03/2015 Privacy Enhancing T echnologies 4

  5. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy properties: Anonymity • Hiding link between identity and action/piece of information. – Reader of a web page, person accessing a service – Sender of an email, writer of a text – Person to whom an entry in a database relates – Person present in a physical location • Defjnitions: – Pfjtzmann-Hansen (PH) [1] “Anonymity is the state of being not identifjable within a set of subjects, the anonymity set [...] The anonymity set is the set of all possible subjects who might cause an action” [pattern Anonymity set] – ISO 29100 [2] “defjnes anonymity as a characteristic of information that does not permit a personally identifjable information principal to be identifjed directly or indirectly” • In practice it is a Probabilistic defjnition 11/03/2015 Privacy Enhancing T echnologies 5

  6. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy properties: Pseudonymity – PH [1] “Pseudonymity is the use of pseudonyms as IDs [...] A digital pseudonym is a bit string which is unique as ID and which can be used to authenticate the holder” [pattern Pseudonymous identity ] – ISO15408 [3] “pseudonymity ensures that a user may use a resource or service without disclosing its identity, but can still be accountable for that use. ” Persistent One time Hybrid pseudonyms pseudonyms (Multiple (Identity!) (Anonymity) identities) 11/03/2015 Privacy Enhancing T echnologies 6

  7. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy properties: Unlinkability • Hiding link between two or more actions/identities/info pieces – T wo anonymous letters written by the same person – T wo web page visits by the same user – Entries in two databases related to the same person – T wo people related by a friendship link – Same person spotted in two locations at difgerent points in time • Defjnitions – PH [1] “ Unlinkability of two or more items means that within a system , these items are no more and no less related than they are related concerning the a-priori knowledge” – ISO15408 [3] “unlinkability ensures that a user may make multiple uses of resources or services without others being able to link these uses together ” 11/03/2015 Privacy Enhancing T echnologies 7

  8. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy properties: Unobservability • Hiding user activity. – whether someone is accessing a web page – whether an entry in a database corresponds to a real person – whether someone or no one is in a given location • Defjnitions – PH [1] “Unobservability is the state of items of interest being indistinguishable from any item of interest at all [...] Sender unobservability then means that it is not noticeable whether any sender within the unobservability set sends.” – ISO15408 [3] “unobservability ensures that a user may use a resource or service without others, especially third parties, without being able to observe that the resource or service is being used.” 11/03/2015 Privacy Enhancing T echnologies 8

  9. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy properties: Plausible deniability • Not possible to prove user knows, has done or has said something – Ofg-the-record conversations – Resistance to coercion: • Not possible to prove that a person has hidden information in a computer • Not possible to know that someone has the combination of a safe – Possibility to deny having been in a place at a certain point in time – Possibility to deny that a database record belongs to a person 11/03/2015 Privacy Enhancing T echnologies 9

  10. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy properties • So far it was about de-coupling identity and actions • but we could keep identity and hide data – Cryptographic security properties – Not similar widely accepted for other means (the previous properties are building blocks) • Difgerential privacy: a data base looks “almost” the same before and after an event occurs. – Special noise 11/03/2015 Privacy Enhancing T echnologies 10

  11. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy enhancing technologies • T echnologies that enable users to preserve their privacy – In terms of technical properties • From whom? 1. Third parties = trust on data controller/processor (or must disclose data) • PET s for personal data management • Support to Data Protection 2. Data controller = no trust • PET s for data disclosure minimization (i.e., minimize trust) • “Ultimate” Data Protection 11/03/2015 Privacy Enhancing T echnologies 11

  12. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy enhancing technologies • T echnologies that enable users to preserve their privacy – In terms of technical properties • From whom? 1. Third parties = trust on data controller/processor (or must disclose data) • PET s for personal data management [“soft privacy”] • Support to Data Protection 2. Data controller/processor = no trust • PET s for data disclosure minimization (i.e., minimize trust) [“hard privacy”] 11/03/2015 Privacy Enhancing T echnologies 12 • “Ultimate” Data Protection

  13. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve PET s for personal data management 11/03/2015 Privacy Enhancing T echnologies 13

  14. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve PET s for decision support • Provide insight in how user’s data is being collected, stored, processed and disclosed to the data subject to enable well-informed decisions [ pattern Protection against tracking] • Transparency-Enhancing T echnologies [4] – Google Dashboard : what personal data is stored and who has access – Collusion (Firefox addon) : list of entities tracking users – Mozilla Privacy Icons: simple visual language to make privacy policies more understandable – Privacy Bird (IE Add-on): shows user whether webpage complies with her preferred policy based on image s Privacy as • Challenges Control – How to provide information useful to users Privacy as • How to convey it Practice • How to make users understand 11/03/2015 Privacy Enhancing T echnologies 14

  15. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve PET s for consent support • Provide users with means to express their privacy preferences and give consent [ pattern Protection against tracking] • Privacy policies languages (P3P, S4P, SIMPL) – Automated processing and comparison with users’ preferences – Diffjcult to make unambiguous and inform users (TET s) – Diffjcult to standardize and make them expressive • Anti-tracking Privacy as Control – Do Not T rack options Privacy as Practice • Browser tag expressing who can collect personal data – Track Me Not plugin • Renders collection useless 11/03/2015 Privacy Enhancing T echnologies 15

  16. T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve PET s for enforcement support • Provide users with means to enforce their preferences • Locally “easy”: blockers (pop-ups, ads, cookies,...) • Remotely – Sticky policies associated to data(e.g., trusted third party stores encryption keys only disclosed in certain cases) – Use of trusted hardware (HSMs, TPMs) to process data “out” of the server’s control Privacy as Control Privacy as Practice 11/03/2015 Privacy Enhancing T echnologies 16

Recommend

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR MISSION Least Authoritys mission is to build and support ethical and usable technology solutions that advance digital security and privacy as

552 views • 13 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Meanings of "Privacy" in Privacy Enhancing Technologies

Meanings of "Privacy" in Privacy Enhancing Technologies

Meanings of "Privacy" in Privacy Enhancing Technologies Claudia Diaz KU Leuven COSIC Digital IdenBty Management (DIM) November 8, 2013 Claudia

565 views • 19 slides
Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies Symposium July 2427, 2018 Dionysis Manousakas , Cecilia Mascolo , , Alastair R. Beresford , Dennis Chan , Nikhil Sharma

758 views • 45 slides
Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric

Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric

Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric Brewer presented by Nikita Borisov ECE598NB - Spring 2006 Motivation Threats to privacy Online actions monitored Information

776 views • 26 slides
Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy Network Meeting 10 April 2019 Presentation by Melanie Casley www.salingerprivacy.com.au The cause of so much confusion Back to Basics Privacy

388 views • 19 slides
Enhancing Privacy in Machine Learning Mathias Humbert INSA Toulouse/CNRS Toulouse, January 22,

Enhancing Privacy in Machine Learning Mathias Humbert INSA Toulouse/CNRS Toulouse, January 22,

Enhancing Privacy in Machine Learning Mathias Humbert INSA Toulouse/CNRS Toulouse, January 22, 2019 Enhancing Privacy in Machine Learning data ML What ML? What data? What threat? Mathias Humbert - Enhancing Privacy in Machine Learning

1.04k views • 51 slides
Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial Nave-Bayes Classifier Dominik Herrmann , Hannes Federrath Rolf Wendolsky University of Regensburg, Germany JonDos GmbH Motivation To Whom It May

901 views • 34 slides
Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocatjon Sazzadur

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocatjon Sazzadur

PETS 2017 The 17th Privacy Enhancing T echnologies Symposium July 1821, 2017 Minneapolis, MN, USA Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocatjon Sazzadur Rahaman 1 , Long Cheng 1 , Danfeng (Daphne)

650 views • 18 slides
THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela

THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela

THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela Robinson Presentation at ICMC20 International Cryptographic Module Conference September 23, 2020 @ Virtual event * At NIST as a Foreign Guest Researcher

335 views • 20 slides
Pretty Good Privacy Privacy Enhancing Technologies Leonardo A. Martucci CC-BY-4.0 Part 2:

Pretty Good Privacy Privacy Enhancing Technologies Leonardo A. Martucci CC-BY-4.0 Part 2:

Pretty Good Privacy Privacy Enhancing Technologies Leonardo A. Martucci CC-BY-4.0 Part 2: Secure Communications Why do we need secure communications? PGP We are here! TLS and Let's Encrypt Secure messaging Pretty Good Privacy

468 views • 21 slides
A A DVANCED W IRELESS W C SS T ECHNOLOGIES T ECHNOLOGIES Aditya K. Jagannatham Indian

A A DVANCED W IRELESS W C SS T ECHNOLOGIES T ECHNOLOGIES Aditya K. Jagannatham Indian

A A DVANCED W IRELESS W C SS T ECHNOLOGIES T ECHNOLOGIES Aditya K. Jagannatham Indian Institute of Technology Kanpur Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver MOOC on M4D 2013 Wireless Signal Fast Fading

528 views • 31 slides
from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing

from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing

Strong Key Derivation from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing Technologies for Biometrics, Haifa January 15, 2015 Based on three works: Computational Fuzzy Extractors [FullerMengReyzin13]

1.44k views • 55 slides
Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous,

Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous,

Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous, Censorship-Resistant Networks Dennis Kgler Federal Office for Information Security, Germany Dennis.Kuegler@bsi.bund.de 1 Anonymous,

488 views • 16 slides
Bienvenidos! Benvinguts! Welcome! 18th Privacy Enhancing Technologies Symposium Rachel

Bienvenidos! Benvinguts! Welcome! 18th Privacy Enhancing Technologies Symposium Rachel

Bienvenidos! Benvinguts! Welcome! 18th Privacy Enhancing Technologies Symposium Rachel Greenstadt Carmela Troncoso Damon McCoy Drexel University EPFL NYU How we got here 77 submissions 39 submissions 12 accepted 7 accepted PETS 17

491 views • 24 slides
A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky,

A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky,

A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky, Ezequiel Gutesman and Ariel Waissbein Core Security Technologies August 2, 2007 - Blackhat Briefings Outline Outline 1 Introduction 2 Known Tools

762 views • 60 slides
Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

600 views • 36 slides
CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian Stefan UCSD Fall 2019 Lecture outline Foundations of privacy Historical and current crypto wars in the US Privacy-enhancing

611 views • 50 slides
About Company MicroMesh T echnologies is a dynamically developing company, aimed at the

About Company MicroMesh T echnologies is a dynamically developing company, aimed at the

The Presentation of LLC icroMesh T echnologies production www.mst56.ru About Company MicroMesh T echnologies is a dynamically developing company, aimed at the creation and implementation of innovative technologies in a wide

372 views • 13 slides
SoK: Privacy on Mobile Devices Its Complicated Chad Spensky , Jeffrey Stewart, Arkady

SoK: Privacy on Mobile Devices Its Complicated Chad Spensky , Jeffrey Stewart, Arkady

SoK: Privacy on Mobile Devices Its Complicated Chad Spensky , Jeffrey Stewart, Arkady Yerukhimovich, Richard Shay, Ari Trachtenberg, Rick Housley, and Robert K. Cunningham Privacy Enhancing Technologies Symposium 2016 Is Privacy Possible

542 views • 15 slides
Analysis of Privacy-Enhancing Protocols Based on Anonymity Networks abio Borges , Leonardo A.

Analysis of Privacy-Enhancing Protocols Based on Anonymity Networks abio Borges , Leonardo A.

Analysis of Privacy-Enhancing Protocols Based on Anonymity Networks abio Borges , Leonardo A. Martucci , Max M auser F uhlh Technische Universit at Darmstadt Telecooperation Lab 64293 Darmstadt, Germany Email:

67 views • 6 slides
Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction Goals: / Topics Privacy from three different perspectives: anonymous communications/privacy enhancing technologies, privacy preserving data

197 views • 6 slides
Privacy Enhancing Technology and the Right to be Forgotten Michael Kolain Taking on the epic

Privacy Enhancing Technology and the Right to be Forgotten Michael Kolain Taking on the epic

Privacy Enhancing Technology and the Right to be Forgotten Michael Kolain Taking on the epic boss: The right to erasure Right to erasure (right to be forgotten) Art. 17 GDPR (1) The data subject shall have the right to obtain from the

513 views • 16 slides
Performance of Privacy-Enhancing Cryptography on Smartphones BUT Cryptology Research Group Dr.

Performance of Privacy-Enhancing Cryptography on Smartphones BUT Cryptology Research Group Dr.

About Us ABCs Conclusion Performance of Privacy-Enhancing Cryptography on Smartphones BUT Cryptology Research Group Dr. Jan Hajny SIX Research Centre Brno University of Technology hajny@feec.vutbr.cz http://crypto.utko.feec.vutbr.cz Dr.

656 views • 13 slides

More recommend