Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security –

Slides:



Advertisements
Similar presentations
The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.
Advertisements

09/04/2015Unit 2 (b) Back-Office processes Unit 2 Assessment Criteria (b) 10 marks.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Securing Interaction for Sites, Apps and Extensions in the Browser Brad Miller J. D. Tygar.
Internet Sellouts Final Presentation Enterprise Architecture Group.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
Copyright © 2002 Pearson Education, Inc.
Chapter 2: IS Building Blocks Objectives
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
Hippocratic Databases Paper by Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu CS 681 Presented by Xi Hua March 1st,Spring05.
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
Web application architecture
Introduction to Databases Transparencies 1. ©Pearson Education 2009 Objectives Common uses of database systems. Meaning of the term database. Meaning.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Preferences Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis.
Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.
PRIME Economics WP Sub-contractors Meeting Thursday 16th December, – In Den Rustwat.
Information Systems Today, 2/C/e ©2008 Pearson Education Canada Lecture Outline eCommerce Highlights of Electronic Business 2-1.
New Developments in Authentication and Access Management Alan Robiette JISC Development Group JISC-NSF-DLI2 Meeting, 2002.
Usability Studies Encryption Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 43 Shopping on the Internet.
Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004.
E-commerce Vocabulary Terms. E-commerce Buying and selling of goods, services, or information via World Wide Web, , or other pathways on the Internet.
E-commerce Vocabulary Terms By: Laura Kinchen. Buying and selling of goods, services, or information via World Wide Web, , or other pathways on the.
OHT 11.1 © Marketing Insights Limited 2004 Chapter 9 Analysis and Design EC Security.
Created by, Author Name, School Name—State FLUENCY WITH INFORMATION TECNOLOGY Skills, Concepts, and Capabilities.
A GENERIC PROCESS FOR REQUIREMENTS ENGINEERING Chapter 2 1 These slides are prepared by Enas Naffar to be used in Software requirements course - Philadelphia.
Privacy-Enhancing Identity Management – An Overview – Marit Hansen Independent Centre for Privacy Protection Schleswig-Holstein,
1 WS-Privacy Paul Bui Ryan Dickey. 2 Agenda  WS-Privacy  Introduction to P3P  How P3P Works  P3P Details  A P3P Scenario  Conclusion  References.
David L. Wasley Office of the President University of California Shibboleth Safe delivery of reliable authorization data David L. Wasley University of.
A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.
IBM Software Group, Strategy © 2003 IBM Corporation Primary Objective of this Workshop: Identify where standards are needed for (privacy in) user-centric.
Customer Interface for wuw.com 1.Context. Customer Interface for wuw.com 2. Content Our web-site can be classified as an service-dominant website. 3.
SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.
Shibboleth: An Introduction
1 Object-Oriented Modeling Using UML CS 3331 Section 2.4 Modeling Requirements with Use Cases.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #22 Secure Web Information.
Construction Planning and Prerequisite
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy in Context: Contextual Integrity Peter Radics Usable Security – CS 6204.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Claims-Based Identity Solution Architect Briefing zoli.herczeg.ro Taken from David Chappel’s work at TechEd Berlin 2009.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Automatic Trust Negotiation Rajesh Gangam
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Collective Information Practice: Exploring Privacy and Security as Social and Cultural.
LEFIS ROVANIEMI MEETING 19TH 20TH JANUARY 2007 Privacy In The Web TATYANA STEFANOVA LEX.BG BULGARIA.
Creating a European entity Management Architecture for eGovernment Id GUIDE Keiron Salt
The overview How the open market works. Players and Bodies  The main players are –The component supplier  Document  Binary –The authorized supplier.
Vijay V Vijayakumar.  Implementations  Server Side Security  Transmission Security  Client Side Security  ATM’s.
Electronic Banking & Security Electronic Banking & Security.
The Functions of Operating Systems Network Operating Systems (NOS)
Take Charge of your Finances
The Components of Information Systems
Identity on the Internet
CIIT-Human Computer Interaction-CSC456-Fall-2015-Mr
Take Charge of your Finances
EMV® 3-D Secure - High Level Overview
The Components of Information Systems
Cyber Issues Facing Medical Practice Managers
SECURITY MECHANISM & E-COMMERCE
CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION
Digital $$ Quiz Test your knowledge.
ECT455 Website Engineering
Making Privacy Possible: Research on Organizational Privacy Technology
Take Charge of your Finances
Information System Building Blocks
Distributed Digital Rights Management
Presentation transcript:

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

PRIME - Privacy and Identity Management for Europe Primarily a research project. Aimed to develop a working prototype of a Privacy- enhancing Identity Management System. Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Trust In PRIME (2005) Christer Andersson*, Jan Camenisch‡, Stephen Crane§, Simone Fischer-Hübner*, Ronald Leenes†, Siani Pearson§, John Sören Pettersson* and Dieter Sommer‡ * Karlstad University ‡IBM Zurich Research Laboratory, §Hewlett-Packard Laboratories, †Tilburg University

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Where Identity Information is Stored? A complete picture of someone’s movements, transactions, whereabouts and relationships can be found from the trail left from interaction with websites!!!

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech A Typical e-Shopping Scenario John

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech PRIME Solution Browsing Direct Delivery Direct Payment Advice, Purchase Credit Card Payment Pick up point/ Delivery Service Anonymous Delivery CustomerMerchant Bank

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Contribution Introduces the PRIME technical architecture. Discusses end user’s trust influencing factors  Socio-psychological factors  HCI aspects Describes necessity of  HCI research,  User studies and  Socio-psychological research in system design.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Design Principles Start from maximum privacy (anonymity). State explicit privacy rules. Privacy rules must be enforced, not just stated. System should be transparent (data track).

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech PRIME Architecture User Side:  Stores users’ personal data and credentials in repository  Protects these by software layer. Services Side :  Interacts with users.  Provide evidence of its trustworthiness.  Protects user’s data once released.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech PRIME Architecture User Side:  Stores users’ personal data and credentials in repository  Protects these by software layer. Services Side :  Interacts with users.  Provide evidence of its trustworthiness.  Protects user’s data once released. Handles communi cation

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech PRIME Architecture User Side:  Stores users’ personal data and credentials in repository  Protects these by software layer. Services Side :  Interacts with users.  Provide evidence of its trustworthiness.  Protects user’s data once released. Handles communication Applications access prime functionality by middleware components

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Components and Mechanisms Combining Accountability and Privacy (Access Control):  User side checks evidence of service provider’s trustworthiness (e.g. privacy seal)  Services side checks proof of individual attributes denoted as Anonymous Credentials Enforcing Privacy Policy (Before and After):  Both sides checks compliance on policy and obligation of data handling by Automated Trust and Policy Negotiation.  A component on service side enforces agreed obligations (e.g. limited time data retention ).This is Obligation Management. T ransparency:  User can track their data that are released to services side. Trusted User Interface: Prime console is used as front-end.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech A Typical Interaction Protected resource access request Confirmation data request (e.g. age) Trust data (e.g. privacy seal) requested Trust + Policy compliance data submitted Actual release of data Access is granted Front end access control component User’s identity control component Trust and policy negotiation component Obligation Management User Console

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Socio-Psychological Factors Trust Layers Influence Socio-cultural  Relates to trust in Society.  Strongly associate with known people, likely to have low trust in online stores. Institutional  Relates to trust in institution.  Legal and technological safeguards enhances peoples’ trust. Service area  Concerns trust in a particular sector of economic activity (e.g. Medical profession > banking sector >internet service provider). Application layer  Concerns trust in a particular service provider.  Irregular events creates distrust. Media layer  Relates to communication channel.  Visible icons like lock sign in pages can increase trust.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Usability Tests and Problems found A series of usability tests were performed for an e- shopping scenario using interactive mock-ups. Results: 1.Many users did not trust the claim that system will protect their data and privacy 2. “Internet is insecure anyway”. 3. “I did not agree my mental picture that I can buy a book anonymously”. 4. Users had difficulties to  mentally differentiate server and user side identity managements.  understand that PRIME console is with in users’ control and protects their identities.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Possible Solutions for Enhancing Trust “Institutional Trust” has to put into PRIME from external sources. (e.g. consumers’ organizations recommend PRIME). Trustworthiness of the service provider must be conveyed to user. Data blocking, rectifying or deleting facilities need to be added. Help functions for legal issues need to added. User side and services side Identity Management Middleware functionalities should be clearly distinguishable by UI.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Conclusions Powerful trust and privacy-enhancing technical mechanisms are developed in PRIME. Social factor and usability research have to accompany the development to enhance trust in users’.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Discussions Do you think anonymous credentials support unlinkability/privacy appropriately? Is so why? If not, why? The paper mentioned-” … buying anonymously via Internet did not fit to a user’s mental picture… it is clear that providing anonymous shopping will wake awake an interest in the privacy technology”. How this conflict can be resolved? Do you think PRIME is transparent enough? If not, what can be done to increase transparency? Up to what extent PRIME middleware should enforce service provider and third party’s back-end? (e.g. only give a message that you should delete x customers’ data or, Check back-end database and delete the data itself.)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.