Technical Solutions Novel Challenges to Privacy Privacy Enhancing Technologies Examples

Transcription

1 Muhammad Eka WIJAYA

2 Technical Solutions Novel Challenges to Privacy Privacy Enhancing Technologies Examples How to Address Privacy in Ubiquitous Work Understand Application Define Problem Know Tools 2

3

4 Collection Scale Ubiquitous computing able to do real life monitoring ( phone usages, web browsing activities, etc ) Monitoring process is always on Collection Manner Ubiquitous technology make things difficult to considerate as public or private. At any point of time, in any location, any of actions could potentially electronically recorded and published. 4

5 Data Types Collecting more facts than human opinion Process the facts using data mining or any statistical methods Collection Motivation Ordinary data from activities will be collected. For government to make better policy For company to understand customer and make better targeted marketing Data Accessibility Data will travels among machines ( machine to machine data interaction ) 5

6 Opacity tools More traditional security approaches, support for authentication and confidentiality. Example : Un-observability tools : prevent attackers from learning that communication took a place Identity management tools : user can prove authority without revealing identity Transparency tools Attempt to improve subjects understanding and control of collected data. Example : Watermarking systems : marking information in order to trace origin of data Policy tools 6

7 Subject allowed to inspect and control corresponding information flow Confab Toolkit 7

8 PawS System 8

9 Challenges Automation : RFID reading doesn t require help of person Identification : significant improvement ability to identify individual Integration : identify tag become difficult without special equipment Authentication 9

10 Main violation may occur Clandestine scanning : tag scanned without carrier s consent Eavesdropping : someone can eavesdrop during data communication between tag and reader or between reader and channel Data leakage : RFID reader can read more information from tag than necessary 10

11 Add more factor to Novel challenges Limited resources Limited computational capability to support advance security such as encryption algorithm Key selection Need a shared secret between tag and reader. But with a lot of tags, difficult to know which tag related with that secret 11

12 Communication Confidentiality and Anti-collision Protocols Encrypt communication between tag and reader Use random UID for tag problem is slower read process Access control Add hashed password to each tag and lock the read ability 12

13 Proxies Incorporating RFID reader with customer device. Customer device can block or allow access to RFID tag. Other approach uses logging and alerting functions that require readers to identify themselves and offer links to machinereadable privacy policies. 13

14 Location information is very sensitive Example : If a thief can get location information from someone, it will be easier for them to do a robbery. Solution for protection Separate identity from time and location 14

15 Solution for protection Obfuscate location and time 15

16

17 Define the form of products as they relate with user behavior and usage Anticipate how the use of products will mediate human relationship and affect human understanding Explore dialogue between products, people, and context 17

18 Define what type of privacy that provided to users Make threat model from the use of products, technical development, and how the products work Should think not only attack may occur but opportunity for unwanted disclosure based on actual and potential information flows Information flows : social and organizational context Technological context 18

19 Understand the limit and capabilities of security and access control technology Example : Advanced encryption algorithm may not able to be implemented in RFID because of limited resources 19

20