Privacy protection in Wi-Fi analytics systems

Presentation transcript:

Slide 1: Privacy protection in Wi-Fi analytics systems
doc.: IEEE 802.11-yy/xxxxr0
July 2019
Date: 2019-07-17
Author: Mathieu Cunche (Univ. Lyon, INSA Lyon, Inria, CITI), mathieu.cunche@insa-lyon.fr

Slide 2: Abstract
- Systems collecting network information for analytics and tracking purposes have been used for some time.
- Data collected by those systems can result in privacy threats and may conflict with data protection regulations.

Slide 3: Privacy protection principles
Desirable privacy-enhancing features in any data collection system:
- User information
- Consent & Opt-out
- Data anonymization

Slide 4: Subject Information
State of the art subject information in Wi-Fi tracking

Slide 5: Consent & Opt-out
- Consent is never asked
- Opt-out solution may be offered (e.g. https://optout.smart-places.org)

Slide 6: Wombat: An experimental Wi-Fi tracking system
- Detects Wi-Fi devices and collects mobility data
- Deployed as a demonstrator at Cité des Sciences et de l’Industrie (Paris) for 1 year

Slide 7: Wombat: Wi-Fi based opt-out mechanism
- Dummy AP with explicit SSID, e.g. "Wi-Fi Do not track"
- User connects to the AP to opt out
- MAC address of the STA is collected during the Association process
- MAC address is added to a black-list
- Data coming from black-listed devices is dropped

Slide 8: Wombat: Wi-Fi based opt-out mechanism

Slide 9: Consent in new regulations
- Opt-out is not a valid solution under GDPR: prior consent is required
- e-Privacy directive may relax this requirement
- How to collect consent in a Wi-Fi tracking context?

Slide 10: Framework for information and consent
- Leverage the discovery mechanisms of wireless technologies (802.11, BLE)
- Tracking system broadcasts information
  - Data collected, privacy policies, data controller coordinates ...
  - Data carried in Vendor/Manufacturer specific fields
- Subject connects to communicate consent

Slide 11: Framework for information and consent
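To illustrate how a tracking system's notice could be carried in a vendor-specific field and read by a subject's device, here is an added example (not code from the presentation or the cited framework). The element ID 221 with a leading 3-byte OUI is the standard 802.11 vendor-specific element layout; the OUI value, the sub-field types and the type/length/value payload are hypothetical.

```python
VENDOR_SPECIFIC_ID = 221                # 802.11 vendor-specific element ID
EXAMPLE_OUI = bytes.fromhex("0a0b0c")   # constructed placeholder OUI
# Hypothetical sub-field types for the notice payload (not from the slides)
T_POLICY_URL, T_CONTROLLER, T_DATA_COLLECTED = 1, 2, 3

def build_notice_ie(fields: dict) -> bytes:
    """Tracker side: encode the notice as one vendor-specific element."""
    body = EXAMPLE_OUI
    for ftype, text in fields.items():
        raw = text.encode("utf-8")
        if len(raw) > 255:
            raise ValueError("sub-field too long")
        body += bytes([ftype, len(raw)]) + raw
    if len(body) > 255:
        raise ValueError("element body exceeds 255 bytes")
    return bytes([VENDOR_SPECIFIC_ID, len(body)]) + body

def _parse_fields(data: bytes):
    """Decode type/length/value sub-fields; None if any is malformed."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            return None
        ftype, flen = data[i], data[i + 1]
        raw = data[i + 2:i + 2 + flen]
        if len(raw) < flen:
            return None
        out[ftype] = raw.decode("utf-8", errors="replace")
        i += 2 + flen
    return out

def parse_notice_ies(elements: bytes) -> list:
    """Subject side: walk the tagged elements of a beacon or probe response
    and return the notices found, skipping unrelated or malformed elements."""
    notices, pos = [], 0
    while pos + 2 <= len(elements):
        eid, length = elements[pos], elements[pos + 1]
        value = elements[pos + 2:pos + 2 + length]
        pos += 2 + length
        if len(value) < length:
            break                       # truncated frame: stop parsing
        if eid != VENDOR_SPECIFIC_ID or value[:3] != EXAMPLE_OUI:
            continue                    # some other element or vendor
        notice = _parse_fields(value[3:])
        if notice is not None:
            notices.append(notice)
    return notices
```

Because the broadcast is unauthenticated, a receiving device should treat the decoded fields as untrusted input and display them rather than act on them automatically.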

Slide 12: Data anonymization
- Wi-Fi presence data must be anonymized
- Hashing the identifiers (MAC addr.) does not work
  - Simple hashing can be reversed
  - Still considered by some as sufficient

Slide 13: Data structures with Differential Privacy
- Bloom filter supporting cardinality estimation
- Perturbation to enforce Differential Privacy

Slide 14: Data structures with Differential Privacy
- No information about single identifiers can be learned from the data structure
- Estimation of the number of stored identifiers is possible
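The idea on the two slides above, as an added example (not the presentation's code, and a simplified sketch rather than the construction of the cited paper): a single-hash Bloom filter whose bits are flipped by randomized response before release, with the device count recovered by de-biasing and linear counting. The filter size, epsilon, hash choice, salt and sample MAC addresses are all assumptions made for the example.

```python
import hashlib
import math
import random

M = 4096                                  # filter size in bits (assumed)
EPSILON = 3.0                             # privacy parameter (assumed)
P_FLIP = 1.0 / (1.0 + math.exp(EPSILON))  # randomized-response flip probability

def bit_index(mac: str, salt: bytes) -> int:
    """Map an identifier to one bit position (single hash function)."""
    digest = hashlib.sha256(salt + mac.lower().encode()).digest()
    return int.from_bytes(digest[:8], "big") % M

def build_filter(macs, salt: bytes) -> list:
    """Plain Bloom filter: set the bit of every observed identifier."""
    bits = [0] * M
    for mac in macs:
        bits[bit_index(mac, salt)] = 1
    return bits

def perturb(bits, rng) -> list:
    """Flip each bit independently with probability P_FLIP before release.
    One identifier touches one bit, so the ratio (1-p)/p = e^EPSILON bounds
    what the released filter reveals about any single identifier."""
    return [b ^ int(rng.random() < P_FLIP) for b in bits]

def estimate_cardinality(noisy) -> float:
    """Estimate the number of distinct identifiers from the noisy filter."""
    observed = sum(noisy) / M
    # Undo the flipping bias: E[observed] = p + true * (1 - 2p)
    true_frac = (observed - P_FLIP) / (1.0 - 2.0 * P_FLIP)
    true_frac = min(max(true_frac, 0.0), 1.0 - 1.0 / M)
    # Linear counting: E[true_frac] = 1 - (1 - 1/M)^n, solved for n
    return math.log(1.0 - true_frac) / math.log(1.0 - 1.0 / M)

def demo(n: int = 1000, seed: int = 7):
    """Constructed MACs (locally administered 02:... range), not real data."""
    macs = [f"02:00:00:{i >> 16 & 0xff:02x}:{i >> 8 & 0xff:02x}:{i & 0xff:02x}"
            for i in range(n)]
    exact = build_filter(macs, salt=b"constructed-salt")
    released = perturb(exact, random.Random(seed))
    return exact, released, estimate_cardinality(released)

if __name__ == "__main__":
    _, _, estimate = demo()
    print(f"estimated distinct devices: {estimate:.0f} (true: 1000)")
```

Only the perturbed filter should leave the sensor; the exact filter and the raw MAC addresses are discarded once the bits are set.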

Slide 15: Data structures with Differential Privacy
Evaluation on a real-world data set of MAC addresses

Slide 16: Data structures with Differential Privacy
- Strong privacy requirements (GDPR ...)
  - May seem difficult or impossible to implement
- But technical solutions may be possible ...
  - Some are currently being developed
- Exceptions in regulations are not necessarily required (e.g. ePrivacy 8-b)

Slide 17: References
- Levent Demir, Mathieu Cunche, and Cédric Lauradoux. “Analysing the privacy policies of Wi-Fi trackers”. In: Workshop on Physical Analytics. Bretton Woods, United States: ACM, June 2014. doi: 10.1145/2611264.2611266
- Célestin Matte and Mathieu Cunche. “Wombat: An experimental Wi-Fi tracking system”. In: 8e édition de l’Atelier sur la Protection de la Vie Privée (APVP). Correncon, France, July 2017. url: https://hal.inria.fr/hal-01679007
- Mathieu Cunche, Daniel Le Métayer, and Victor Morel. “A Generic Information and Consent Framework for the IoT”. In: TRUSTCOM 2019 - 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. 2019. url: https://hal.inria.fr/hal-02166181
- Mohammad Alaggan, Mathieu Cunche, and Sébastien Gambs. “Privacy-preserving Wi-Fi Analytics”. In: Proceedings on Privacy Enhancing Technologies 2018.2 (Apr. 2018), pp. 4–26. doi: 10.1515/popets-2018-0010