Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10th May, 2007.

Presentation transcript:

Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10th May, 2007

Daniel Olmedilla, May. 10th, 2007, Learning Networks in Practice

Slide 2: About this presentation
- The intention is to show the security-related implications of using standard internet technology
  - Not specific to learning scenarios
- User awareness and control are crucial when considering network- or social-based interactions
- Encourage discussion

Slide 3: Outline
- Did you know …?
- What is it?
- Learning Network Interaction
- Some Research Directions
- Conclusions

Slide 4: Did you know …?
- that every time you use your browser your privacy is compromised?
- that apparently non-sensitive information may threaten your privacy?
- that a security failure on any system may have strong consequences for you?

Slide 5: Did you know …? Using Search Engines
- Each search query is only some keywords
- You may believe they are harmless
- What if you link them?

Slide 6: Did you know …? The AOL scandal
- In 2006 AOL released data covering 3 months of use
  - 20 million web queries from 650,000 AOL users
  - AOL username was changed to an ID number
- Users search for their own name, those of relatives or friends, addresses, social security numbers (SSN), etc.
- What if you link
  - own name + porn query → embarrassment
  - name + “buy ecstasy” → evidence of crime
  - name + address + SSN → identity theft waiting to happen
  - address + “how to kill your wife” → possible future crime
search-data/

Slide 7: Did you know …? Google Toolbar or Personalized Search
- Several queries are normally linked only if they are within the same session or come from the same IP
- Google Toolbar and Personalized Search
  - Collect information about your internet surfing behavior
  - Have your bookmarks
  - Have your interests
  - Know what you buy
  - Etc.

Slide 8: Did you know …? Information Linkage

Medical Data released as Anonymous:
SSN | Name | Ethn | DOB | Sex | ZIP | Problem
… | … | … | … | … | … | …
… | … | White | | F | 94142 | Obesity
… | … | … | … | … | … | …

Voter List:
Name | Address | City | ZIP | DOB | Sex | Party | …
… | … | … | … | … | … | … | …
Sue Carlson | 900 Market St. | San Fran | | | F | Democrat | …
… | … | … | … | … | … | … | …
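The linkage on this slide works because ZIP, DOB and Sex appear in both tables. The following check, an added example that is not part of the original slides, measures that risk before a data set is released and shows the effect of coarsening those columns. The DOB values, every row other than the first of each table, and all function names are constructed for illustration.

```python
from collections import Counter

QUASI_IDS = ("zip", "dob", "sex")  # columns present in both tables on the slide

# Constructed records: DOB values and all rows except the first of each
# table are made up for this example.
medical = [  # "anonymous" release: SSN and name already removed
    {"dob": "1964-09-15", "sex": "F", "zip": "94142", "problem": "Obesity"},
    {"dob": "1964-02-28", "sex": "F", "zip": "94141", "problem": "Asthma"},
    {"dob": "1961-05-02", "sex": "M", "zip": "94139", "problem": "Hypertension"},
    {"dob": "1961-11-30", "sex": "M", "zip": "94138", "problem": "Diabetes"},
]
voters = [  # public voter list
    {"name": "Sue Carlson", "zip": "94142", "dob": "1964-09-15", "sex": "F"},
    {"name": "Tom Example", "zip": "94110", "dob": "1970-01-01", "sex": "M"},
]

def qid(rec):
    """Quasi-identifier tuple used to join the two tables."""
    return tuple(rec[c] for c in QUASI_IDS)

def k_anonymity(release):
    """Size of the smallest group of records sharing the same quasi-identifiers."""
    return min(Counter(qid(r) for r in release).values())

def linkable(release, public):
    """(name, problem) pairs whose quasi-identifiers are unique in both tables."""
    rel = Counter(qid(r) for r in release)
    pub = Counter(qid(p) for p in public)
    names = {qid(p): p["name"] for p in public}
    return [(names[qid(r)], r["problem"]) for r in release
            if rel[qid(r)] == 1 and pub.get(qid(r)) == 1]

def generalize(rec):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and birth year only."""
    return {**rec, "zip": rec["zip"][:3] + "**", "dob": rec["dob"][:4]}

if __name__ == "__main__":
    print(k_anonymity(medical), linkable(medical, voters))
    coarse = [generalize(r) for r in medical]
    print(k_anonymity(coarse), linkable(coarse, [generalize(v) for v in voters]))
```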

Slide 9: Did you know …? Is your disclosed information safe?
- It may be stolen online because of security failures
- Human intervention is an extra risk in the loop
- Complete security does not exist!

Slide 10: What is it? Security, Trust and Privacy
- Security: if you already know an entity, how do you decide what she is or is not allowed to do?
- Trust: if you do not know an entity, how do you decide whether to continue with the interaction or not?
- Privacy: if you are asked for data, how do you decide what, when and to whom you disclose it? How do you ensure it is not further redistributed afterwards?

Slide 11: Learning Network Interaction
- A possible scenario

Slide 12: Some Research Directions. Two main approaches
- Soft/Social: based on previous behavior or experience, either direct or inferred
  - eBay, Amazon, etc.
- Hard/Verifiable: based on the disclosure of credentials or certificates
  - SSN, credit card, etc.

Slide 13: Some Research Directions. Social Approach – Trust Propagation
trust – ??

Slide 14: Some Research Directions. Policies
- Policy: statement specifying the behavior of a system
- Some examples:
  - Credit card required for a book purchase
  - Discount to students
  - My pictures can be accessed by my friends
- Typically, only the server specifies the policies
  - Take-it-or-leave-it fashion

Slide 15: Some Research Directions. Trust Negotiation
(Diagram labels: Alice, Bob, Service)
- Step 1: Alice requests a service from Bob
- Step 2: Bob discloses his policy for the service
- Step 3: Alice discloses her policy for VISA
- Step 4: Bob discloses his BBB credential
- Step 5: Alice discloses her VISA card credential
- Step 6: Bob grants access to the service
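The six-step exchange on this slide can be modelled as a policy-driven negotiation in which each item is released only after the peer has disclosed the credentials its policy names. The sketch below is an added example, not code from the presentation: the `Party` class, the function names and the policy encoding are assumptions, and it generalizes the slide by also detecting cyclic policies that make a negotiation fail.

```python
class Party:
    def __init__(self, name, policies):
        self.name = name
        # item -> set of peer credentials that must be received before release
        self.policies = policies
        self.received = set()  # credentials the peer has disclosed so far

def satisfy(owner, peer, item, log, pending):
    """Return True once peer has met owner's release policy for item."""
    if item not in owner.policies or (owner.name, item) in pending:
        return False  # item not held, or cyclic policy dependency
    needs = owner.policies[item]
    if needs:
        log.append(f"{owner.name} discloses policy for {item}: needs {sorted(needs)}")
    pending.add((owner.name, item))
    for cred in sorted(needs):
        if cred in owner.received:
            continue
        # The peer may release cred only if its own policy for cred is met.
        if not satisfy(peer, owner, cred, log, pending):
            return False
        owner.received.add(cred)
        log.append(f"{peer.name} discloses {cred}")
    pending.discard((owner.name, item))
    return True

def negotiate(requester, provider, service):
    """Run the negotiation and return (granted, message log)."""
    log = [f"{requester.name} requests {service}"]
    ok = satisfy(provider, requester, service, log, set())
    log.append(f"{provider.name} {'grants' if ok else 'denies'} access to {service}")
    return ok, log

if __name__ == "__main__":
    # Policies mirroring the slide: the service needs VISA, VISA needs BBB,
    # and BBB is released without conditions.
    alice = Party("Alice", {"VISA": {"BBB"}})
    bob = Party("Bob", {"service": {"VISA"}, "BBB": set()})
    for line in negotiate(alice, bob, "service")[1]:
        print(line)
```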

Slide 16: Conclusions
- Be aware of the implications of your computer usage
- Malicious entities are always watching
- Key issue: user awareness and control

Slide 17: Conclusions. User Awareness and Control (I)
- Most security/privacy violations are caused by
  - Lack of awareness
    - Users ignore security threats and vulnerabilities
    - Users ignore the policies applied by the systems they use
  - Lack of control
    - Users don't know how to personalize their policies
- A social problem
  - Everybody's machine is on the internet
  - Millions of computers can be exploited for attacks
  - By taking advantage of the users' lack of technical competence

Slide 18: Conclusions. User Awareness and Control (& II)
- A recent experiment:
  - Several computers connected to the network
    - Different platforms and configurations
  - With default policies: intrusion in <5 min.
    - Bias towards functionality
  - With personalized policies: safe for 2 weeks
    - Till the end of the experiment
Avantgarde.

Slide 19: Questions? - Thanks!