Privacy Challenges in Big Data and Industry 4.0

Similar documents
Altitude Software. Data Protection Heading 2018

Big Data - Security with Privacy

Fujitsu World Tour 2018

Overview of Information Security

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

An Overview of Smart Sustainable Cities and the Role of Information and Communication Technologies (ICTs)

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

Secure Product Design Lifecycle for Connected Vehicles

University of Pittsburgh Security Assessment Questionnaire (v1.7)

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Prajapati Het I., Patel Shivani M., Prof. Ketan J. Sarvakar IT Department, U. V. Patel college of Engineering Ganapat University, Gujarat

CYBER SECURITY AND MITIGATING RISKS

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Cybersecurity in Higher Ed

Securing Your Most Sensitive Data

Copyright 2017 Ford Motor Company, All Rights Reserved

Cyber Risks in the Boardroom Conference

Preserving Data Privacy in the IoT World

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

GRANDSTREAM PRIVACY STATEMENT

Introduction Privacy, Security and Risk Management. What Healthcare Organizations Need to Know

Whitepaper on AuthShield Two Factor Authentication with SAP

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

2017 RIMS CYBER SURVEY

LBI Public Information. Please consider the impact to the environment before printing this.

SECURITY & PRIVACY DOCUMENTATION

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

What is ISO ISMS? Business Beam

Update on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

New Guidance on Privacy Controls for the Federal Government

ngenius Products in a GDPR Compliant Environment

CipherCloud CASB+ Connector for ServiceNow

ADIENT VENDOR SECURITY STANDARD

Syed Ismail Shah, PhD Chairman, PTA,

Solving the Really Big Tech Problems with IoT Data Security and Privacy

Cybersecurity Considerations for GDPR

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

CYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston

Security Policies and Procedures Principles and Practices

716 West Ave Austin, TX USA

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

Internet of Things Toolkit for Small and Medium Businesses

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

IoT & SCADA Cyber Security Services

Learning Management System - Privacy Policy

Certified Cyber Security Analyst VS-1160

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Re: Special Publication Revision 4, Security Controls of Federal Information Systems and Organizations: Appendix J, Privacy Control Catalog

Void main Technologies

Privacy Policy V2.0.1

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers

STATE OF NEW JERSEY. ASSEMBLY, No th LEGISLATURE. Sponsored by: Assemblywoman ANNETTE QUIJANO District 20 (Union)

Data Privacy in Big Data Applications. Sreagni Banerjee CS-846

Ensuring Privacy and Security of Health Information Exchange in Pennsylvania

ECEN Security and Privacy for Big Data. Introduction Professor Yanmin Gong 08/22/2017

Teradata and Protegrity High-Value Protection for High-Value Data

GDPR COMPLIANCE REPORT

EMERGING TRENDS IN WHITE COLLAR CRIMES

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

Critical Information Infrastructure Protection Law

Security and Privacy in the Internet of Things : Antonio F. Skarmeta

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

Economic and Social Council

Big data privacy in Australia

Beam Technologies Inc. Privacy Policy

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

Deloitte Audit and Assurance Tools

HIPAA Security and Privacy Policies & Procedures

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

The Unseen Leak: Faxing in the era of SOX, Gramm-Leach Bliley/PIPEDA and HIPAA

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Cybersecurity Auditing in an Unsecure World

Identity Management: Setting Context

How do you decide what s best for you?

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

Information Security Policy

Wireless LAN Security (RM12/2002)

Information Security in Corporation

BUZCOIN TOKENS SALE PRIVACY POLICY. Last updated:

PPR TOKENS SALE PRIVACY POLICY. Last updated:

HPE DATA PRIVACY AND SECURITY

Recruitment Privacy Notice

Privacy Policy Effective May 25 th 2018

Recommendations on How to Tackle the D in GDPR. White Paper

IS Today: Managing in a Digital World 9/17/12

Secure Government Computing Initiatives & SecureZIP

Evaluating the Security of Your IT Network. Vulnerability Scanning & Network Map

STUDENT GUIDE Risk Management Framework Step 1: Categorization of the Information System

RippleMatch Privacy Policy

The NIS Directive and Cybersecurity in

If you have any questions or concerns about this Privacy Policy, please Contact Us.

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

Empowering Business Adoption of the Cloud through Intelligent Security Solutions and Active Defense Platforms

Privacy Preserving Ranked Multi-Keyword Search for Multiple Data Owners in Cloud Computing

Amit Panchal Enterprise Technology Strategist

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

Transcription:

Privacy Challenges in Big Data and Industry 4.0 Jiannong Cao Internet & Mobile Computing Lab Department of Computing Hong Kong Polytechnic University Email: csjcao@comp.polyu.edu.hk http://www.comp.polyu.edu.hk/~csjcao/ Slide 1

Outline What s privacy about? Privacy issues Existing privacy measures New challenges by big data and industry 4.0 Addressing new challenges Summary Slide 2

What is Privacy? The desire of a person / entity to control the disclosure of personal / private information Freedom from observation, intrusion, or attention of others Related by different from security Protected from deliberate or accidental damage Include protection of privacy Slide 3

What is Privacy? Many privacy use cases studied Retail and marketing Healthcare Medicine Government Industry Education Transportation... Slide 4

Privacy Issues How is my data is collected? Where is my data? How is it used? Who sees it? Is anything private anymore? Slide 5

Privacy Risks Unauthorized use Mismanagement of big data: big data constantly at employee fingertips Misuse Sale of data for monetary reward Stealing Business espionage Exploring Searching and mining... Content Privacy Interaction Privacy Comm. Privacy Slide 6

Privacy Risks Privacy rights or obligations are related to the collection, use, disclosure, storage, and destruction of personal data Slide 7

Existing Privacy Measures Encryption Encryption of data and communication reduces risk of information theft Biometric authentication Software risk analysis and verification Privacy-preserving data publishing and processing Maximize data utility while limiting disclosure risk to an acceptable level Personal and population privacy Data anonymization Query and computing on encrypted data Slide 8

Data clustering K-anonymity If the information for each person contained in the release cannot be distinguished from at least k-1 other individuals in the release Key Attributes Quasi-identifier K-anonymity table (k=2) Works only on quasi-identifiers but not sensitive attributes Subject to subtle but effective attacks, e.g., homogeneity attack due to lack of diversity in sensitive attributes, and background knowledge attack based an adversary s knowledge of the victims Slide 9

Data clustering l-diversity Extending k-anonymity by including the sensitive attributes: guarantee there are at least l distinct values for the sensitive attributes in each qid group. K-anonymity table (k=2) obeying l-diversity (l=2) t-closeness guarantee distribution of data on a qid group is bounded by t against its corresponding distribution on the whole data set. Slide 10

Differential Privacy Framework of differential privacy Prevent attackers from obtaining private information by multiple queries on top of his knowledge of victims. Strategy: for two data sets with a minimum difference, limit the difference between the queries on the two data sets: reducing information gain for attackers. E.g. output perturbation: add noise to output. Slide 11

Computing on Encrypted Data I want to delegate processing of my data without giving away access to it Encrypt my data before uploading it to Cloud, allow Cloud to search / sort / edit the data on my behalf, keeping the data encrypted in Cloud, without needing to ship back and force to be decrypted. Encrypt my queries to Cloud, while still allowing Cloud to process them, returning encrypted answers (I can decrypt) Slide 12

Computing on Encrypted Data I want to delegate the computation to the cloud, I want but to delegate the cloud the shouldn t computation see my to input the cloud Enc(x) P Enc[P(x)] Client Server/Cloud (Input: x) (Program: P) Slide 13

Big Data and Industry 4.0 Slide 14

Big Data and Industry 4.0 Slide 15

New Privacy Risks Big data & industry 4.0 create intelligent environments and a massive concentration of resources Gather significant amounts of data about inhabitants Behavior and usage patterns Personal preferences Inhabitant data A massive concentration of risk expected loss from a single breach can be significantly large Increased connectivity and interactions of devices Complex systems and inextricable problems involving both cyber and physical worlds. Slide 16

Information collection and discovery Often voluntary, but also Legal, involuntary sources Surveillance Monitoring Aggregation New Privacy Risks Finding missing / new pieces of information Big Data can violate your privacy without any one piece of data violating your privacy. Threats of massive data mining! Slide 17

New Privacy Risks Massive number of devices and higher mobility Devices (vehicles, smart homes, watches) with Cloud / mobile interfaces are vulnerable to attack Tiny objects with simple artifact and scarce resource e.g., potentially Trillions of Tag Reads per Day with basically zero security on the tags. Smart watch communications trivially intercepted / transmitted without encryption. Slide 18

New Privacy Risks Remote access facilities Intelligent environments can frequently be accessed remotely over the network Computer-enabled access to the site Intruders can falsify access authentications Large, multi-sourced databases Multiple, large amounts of private information represent a target for intruders Wireless communications Wireless communications are easy to intercept and hard to regulate due to diversity Slide 19

Address New Challenges Seeing research on security for IoT and Cloud but not much on big data and large-scale IoT like Industry 4.0 scenarios. Improve existing privacy protection methods to meet new requirements of big data & Industry 4.0. Applying big data management and analytics for cyber security and privacy. Integrating cross-disciplinary research with social scientists in sociology, psychology, and public policy studies. Having a better understanding of the privacy problem from different perspectives Slide 20

Address New Challenges Need new privacy framework including privacy policies, standards, procedures, practices, mechanisms and technology can be implemented, supported and audited Legislation and regulation Data ownership Data governance Technologies guided by laws and policies to address security and privacy issues throughout the lifecycle of the data Slide 21

Address New Challenges NIST Big Data Working Group Slide 22

Remaining Open Challenges The concept of privacy varies widely among (and sometimes within) countries, cultures, and jurisdictions. shaped by public expectations and legal interpretations; a concise definition is elusive if not impossible. Measurement of privacy Not only technical, also social and psychological New theoretical privacy framework for big data Scalability, lightweight and efficiency of privacy algorithms Heterogeneity of data sources Slide 23

Remaining Open Challenges Big data and IoT are designed to share information but security and privacy were an afterthought (and it continues to be today) Privacy by design: It is much easier and far more cost-effective to build in privacy, up-front, rather than after-the-fact View privacy as a business issue, not a compliance issue Slide 24

Summary Intelligent environments powered by big data and IoT pose many security and privacy issues Inhabitant privacy has to be protected Access has to be restricted to authorized individuals Communication links have to be secured Software has to be reliable Need scalable and practical solutions to security and privacy Very limited privacy research in context of big data and Industry 4.0 Slide 25

Summary Practical recommendations (e.g., OWASP): Only collect data the device needs to function Try not to collect sensitive data De-identify or anonymize Ensure the Thing and its components protect personal information Only give access to authorized individuals Notice and Choice for end-users if more data is collected than would be expected Need greater effort to improve existing work, especially the theoretical attempt and put them into practical use. Open Web Appllication Security Project (slightly edited) https://www.owasp.org/index.php/owasp_internet_of_things_top_ten_project Slide 26

Big data, Industry 4.0 and Privacy We can have them all! Slide 27

Slide 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback