A privacy-enhancing technology:

Transcription

1 A privacy-enhancing technology: sticky policies Privacy-Enhancing Technologies / DD3344 Guillermo Rodríguez Cano Stockholm, November 12th, 2012

2 what are they? how do they work? what are their problems? do they have alternatives?

3 technological support for accountability 2

4 What are sticky policies?

5 committed obligations 4

6 Committed obligations conditions and constraints decided by a data owner to describe how its personal identifiable information should be treated by a receiver Many different types access control privacy obligation... Written in many languages Add a new level of complexity 5

7 <data pa ckage> <data component> // Identity and profile - attribute 1 <sticky policy> // disclosure policy IBE public key <Trusted Authority> address and location of the Trusted Authority </Trusted Authority> <owner> <reference name> pseudonym1 </reference name> //reference name IBE public key <owner s details> encrypted call back address <owner s details> //encrypted call back address //by using the user s reference name </owner> <target> name of the identity or profile attribute </target> <validity> //validity expiration date </validity> <constraint> //constraints require_strong_x.509_authentication </constraint> <constraint> allow_sharing_of_data </constraint> <action> //actions notify_owner </action> </sticky policy> <encrypted data> encrypted attribute value, using the above policy as IBE public key </encrypted data> </data component> </data package> Committed obligations 5

8 actors 6

9 Data owner Actors discloses personal identifiable information (PII) expresses privacy consents when disclosing PII by opting in and out Trust Authority (TA) entity checking integrity and trustworthiness of requestor s credentials, and environment according to specified sticky policies provides accountability, tracing and auditing information of owner s data access and usage Policy Enforcement Point (PEP) stores and provides access to PII via the TA guarantees to the TA the acceptance, satisfaction and enforcement of the sticky policies 7

10 How do sticky policies work?

11 Do they have any problem?

12 policy enforcement 10

13 Policy enforcement enforcement cannot be guaranteed and prevention of policy modification cannot be guaranteed either Cheating breaking promises to the TA Logical unbinding owner s data is fully available once binding has been broken 11

14 public-key encryption 12

15 Using Public-Key Encryption (PKE) data owner encrypts a message mi using the receiver s public key PKidr Policy enforcement by the data owner validate receiver s public key, PKidr send {idr, condition, E(mi, PKidr)} to the PEP Policy enforcement by the PEP validate that condition holds send {E(mi, PKidr)} to idr 13

16 Expressiveness Using Public-Key Encryption (PKE) PKE certificates are issued with respect to the user s identity Requirements on TA validation of receiver s public key by data owner Requirements on PEP semi-trusted Policy and key updating update condition in idr, condition, E(mi, PKidr) for any, idr, condition, E(mi, PKidr), if idr changes to ids, data owner needs to generate E(mi, PKids) again and let PEP replace it where appropriate if SKidr is compromised, all associated rules with idr shall be updated 14

17 identity-based encryption 15

18 Using Identity-Based Encryption (IBE) data owner encrypts a message mi using the receiver s IBE identity Policy enforcement by the data owner validate TA s public key, PKTA send {idr, condition, E(mi, idr)} to the PEP Policy enforcement by the PEP validate that condition holds send {idr, E(mi, idr)} to idr Policy enforcement by the TA validate the identity idr send SKidr to idr 16

19 Using Identity-Based Encryption (IBE) Expressiveness more constraints can be embedded into receiver s IBE identity Requirements on TA should be on-line for receiver s requests and identity provisioning Requirements on PEP semi-trusted (as in PKE) Policy and key updating update condition in idr, condition, E(mi, idr) for any, idr, condition, E(mi, PKidr), if idr changes to ids, data owner needs to generate E(mi, idr) again and let PEP replace it where appropriate if SKidr is compromised, all associated rules with idr shall be updated 17

20 attribute-based encryption 18

21 Using Attribute-Based Encryption (ABE) data owner encrypts the message mi based on an access structure! Policy enforcement by the data owner validate TA s public key, PKTA send {!, condition, E(mi,!, PKTA)} to the PEP Policy enforcement by the PEP validate that condition holds send {!, E(mi,!, PKTA)} to idr 19

22 Expressiveness Using Attribute-Based Encryption (ABE) finer-grained than PKE and IBE but less expressive than IBE Requirements on TA provides information about available attributes for the definition of! Requirements on PEP semi-trusted (an adversary should not be able to decrypt mi) Policy and key updating update condition in!, condition, E(mi,!, PKTA) for any {!, condition, E(mi,!, PKTA)} if! changes to!*, data owner needs to generate E(mi,!*, PKTA) again and let PEP replace it where appropriate if private keys associated with! are compromised, all associated rules with any attribute in! shall be updated 20

23 proxy re-encryption 21

24 Using Proxy Re-Encryption (PRE) user encrypts a message mi using its own public key PKida and enforce its policy by assigning a re-encryption key to the PEP Policy enforcement by the data owner obtain E(mi, PKida) validate receiver s public key, PKidr and TA s send {idr, condition, E(mi, PKida)} and the proxy reencryption key RKPKida PKidr to the PEP Policy enforcement by the PEP validate that condition holds send {Preenc(E(mi, PKida), RKPKida PKidr} to idr 22

25 Expressiveness Depends on TA s encryption scheme Requirements on TA Depends on the chosen encryption scheme Requirements on PEP Using Proxy Re-Encryption (PRE) higher trust is required (potential re-encryption of all messages) Policy and key updating update condition in {idr, condition, E(mi, PKida)} for any {idr, condition, E(mi, PKida)} if idr changes to ids, data owner needs to inform the PEP of the new ids if SKidr is compromised, all associated rules with idr shall be updated if SKida is compromised, data owner needs to generate a new key pair {PK*ida, SK*ida} and have the PEP replace every re-encryption key 23

26 proxy re-encryption 24

27 Using Proxy Re-Encryption (PRE) user encrypts a message mi using its own public key PKida and enforce its policy by assigning a re-encryption key to the PEP Policy enforcement by the data owner obtain E(mi, PKida) validate receiver s public key, PKidr and TA s send {idr, condition, E(mi, PKida)} and the proxy reencryption key RKPKida PKidr to the PEP Policy enforcement by the PEP validate that condition holds send {Preenc(E(mi, PKida), RKPKida PKidr} to idr 25

28 Expressiveness Depends on TA s encryption scheme Requirements on TA Depends on the chosen encryption scheme Requirements on PEP Using Proxy Re-Encryption (PRE) higher trust is required (potential re-encryption of all messages) Policy and key updating update condition in {idr, condition, E(mi, PKida)} for any {idr, condition, E(mi, PKida)} if idr changes to ids, data owner needs to inform the PEP of the new ids if SKidr is compromised, all associated rules with idr shall be updated if SKida is compromised, data owner needs to generate a new key pair {PK*ida, SK*ida} and have the PEP replace every re-encryption key 26

29 Are there alternatives?

30 digital rights management 28

31 Digital Rights Management (DRM) assume receiver is a bad guy who wants to rip off owner s data Receiver is actually restricted in what it can do with the data when DRM are in place In particular, privacy (sticky) policies are assumed to be enforced by the receiver no matter what 29

32 trusted platforms 30

33 Trusted platforms provide better mechanisms and tools to check integrity of computing platforms and software installed Protect against theft and misuse of secrets held on the platform Guarantee that integrity of hardware and software can be checked locally and remotely (used to deduce the level of trust) Provide mechanism to prove that computing scenario is a trusted platform while maintaining anonymity (if required) 31

34 Questions? Otherwise... thanks :)

35 Sources Casassa Mont, Marco, Vaibhav Sharma, and Siani Pearson. "EnCoRe: Dynamic Consent, Policy Enforcement and Accountable Information Sharing within and across Organisations., 2012 Pearson, Siani. "Privacy Management in Global Organisations." In Communications and Multimedia Security, pp Springer Berlin/Heidelberg, 2012 Pearson, Siani, and Marco Casassa Mont. "Sticky Policies: An Approach for Managing Privacy across Multiple Parties." In Computer 44.9, pp IEEE, 2011 Tang, Qiang. "On using encryption techniques to enhance sticky policies enforcement.", 2008 Mont, Marco Casassa, Siani Pearson, and Pete Bramhall. "Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services." In Database and Expert Systems Applications, Proceedings. 14th International Workshop on, pp IEEE,

36 cb All images are Creative Commons licensed Sourced from Flick.r Contact author for presentation license