VANISHING DOCUMENTS: IMPACT ON PRIVACY
George B. Dobbs, Chief Architect & Director Shared Services, Knights of Columbus Supreme Council.


KNIGHTS OF COLUMBUS
- Fraternal Benefit Society with 1.7M members
- United States, Canada, Latin America, Philippines & Poland
- Membership driven
- Insures its members and their families
- Whole life, Term life, Fixed annuities and Long term care products
- Career Agency System, ~1400 agents
- Fortune 997, ~1.5 B Revenue

EPHEMERAL DOCUMENTS
Give access, but only for a while:
- Owner's copies are still valid
- Correspondent not fully trusted
- Example: shopping a business plan
Intentional forgetting:
- All copies vanish after an interval
- Correspondent trusted but lazy
- Example: frank conversation in email, later to be regretted.

PROVIDE ACCESS ONLY FOR A WHILE
- Encrypt but control key access
- Correspondent must get the key each time (central control), or the key is stored locally for a while for offline use
- Requires client-side container/code that could be attacked
- Commercial products in the Digital Rights Management category
- Subject to legal or technical attacks on the key holder

INTENTIONAL FORGETTING
- Encrypt, but key access is removed after a while
- No action needed by the user
- No retroactive retrieval by an adversary, even from storage such as caches, mail routers or backup tapes
- No one can access after the interval expires; even the owner has no access to the key
- Research project at U. Washington
- Subject to key capture during the interval
- Correspondent may copy the message during the interval

VANISH RESEARCH PROJECT
- University of Washington (Aug 2009)
- Use cases focus on trusted but lazy correspondents
- Splits the symmetric key into parts
- Uses an open distributed hash table

AVOIDING A CENTRALIZED STORE
- Distributed Hash Tables
- Used for many P2P applications
- Academic studies since 2001
- Unless refreshed, the DHT times out entries

PREPARING A VANISHING DATA OBJECT
1. Pick a random symmetric key, K
2. Encrypt the user data locally, yielding C
3. Pick a seed, L, for pseudo-random number generation
4. Use L to generate indices in the hash table, x_1..x_n
5. Divide the key into pieces k_1..k_n, where m parts are needed to compute the key K (Shamir Secret Sharing)
6. put(x_i, k_i) for i = 1 to n
7. Destroy the local copy of the key
8. Send {C, L} to the correspondent

HOW VANISH WORKS (diagram)
Vanish Encapsulate(data, timeout): Ann computes C = E_K(data), splits K by M-of-N secret sharing into k_1..k_N, stores the shares at random indexes in the world-wide DHT, and sends the Vanish Data Object VDO = {C, L} to Carla.

HOW VANISH WORKS (diagram, continued)
Vanish Decapsulate(VDO = {C, L}): Carla regenerates the random indexes from L, fetches the surviving shares from the world-wide DHT, reconstructs K by M-of-N secret sharing, and computes data = D_K(C). The diagram shows one share (k_2) missing and recovery still succeeding, because any M of the N shares suffice.
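The encapsulate and decapsulate steps above, worked through as a runnable simulation. This is an added example, not code from the slides or from the Vanish project. Assumptions of mine: the symmetric cipher is a SHA-256 keystream XOR standing in for AES, so it runs offline with only the standard library; the world-wide DHT is a dict whose entries time out unless refreshed; Shamir shares live in the prime field GF(2**127 - 1); the indices x_1..x_n are drawn from Python's PRNG seeded with L. The failure mode the slides describe is shown too: once the DHT has timed out the shares, decapsulation returns nothing, for the owner as much as for anyone else.

```python
"""Added example (not the slides' or the Vanish project's code): simulation of
Vanish encapsulate/decapsulate. Assumptions: SHA-256 keystream XOR instead of
AES, a dict with expiring entries instead of the world-wide DHT, Shamir shares
over GF(2**127 - 1), indices from Python's PRNG seeded with L."""
import hashlib
import random
import secrets

PRIME = (1 << 127) - 1   # field for Shamir secret sharing
KEY_BITS = 64            # toy key size; the real system uses a full AES key
INDEX_SPACE = 1 << 40    # size of the simulated DHT index space


# --- toy symmetric cipher: C = E_K(data), data = D_K(C) -----------------------
def _keystream(key: int, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    for counter in range(length // 32 + 1):
        out += hashlib.sha256(key.to_bytes(16, "big") + nonce
                              + counter.to_bytes(4, "big")).digest()
    return bytes(out[:length])

def encrypt(key: int, data: bytes) -> bytes:
    nonce = secrets.token_bytes(12)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt(key: int, blob: bytes) -> bytes:
    nonce, body = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


# --- Shamir secret sharing: split K into n pieces, any m rebuild it ----------
def split_key(key: int, n: int, m: int) -> list:
    """Random polynomial of degree m-1 with constant term K; share i is (i, f(i))."""
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    return [(x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
            for x in range(1, n + 1)]

def recover_key(shares: list) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME) from any m shares."""
    key = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        key = (key + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return key


# --- the DHT: entries time out unless refreshed -------------------------------
class ExpiringDHT:
    def __init__(self, timeout: int):
        self.timeout = timeout
        self.store = {}                       # index -> (share, expiry time)

    def put(self, index: int, share, now: int) -> None:
        self.store[index] = (share, now + self.timeout)

    def get(self, index: int, now: int):
        entry = self.store.get(index)
        if entry is None or now >= entry[1]:  # timed out: the share is gone
            self.store.pop(index, None)
            return None
        return entry[0]


def derive_indices(seed: int, n: int) -> list:
    """x_1..x_n from the seed L; sender and receiver derive the same list."""
    return random.Random(seed).sample(range(INDEX_SPACE), n)

def vanish_encapsulate(dht: ExpiringDHT, data: bytes, n: int, m: int, now: int) -> dict:
    key = secrets.randbits(KEY_BITS)                        # K
    ciphertext = encrypt(key, data)                         # C
    seed = secrets.randbits(64)                             # L
    for index, share in zip(derive_indices(seed, n), split_key(key, n, m)):
        dht.put(index, share, now)                          # put(x_i, k_i)
    del key                                                 # destroy the local copy
    return {"C": ciphertext, "L": seed, "n": n, "m": m}     # VDO = {C, L}

def vanish_decapsulate(dht: ExpiringDHT, vdo: dict, now: int):
    found = [dht.get(i, now) for i in derive_indices(vdo["L"], vdo["n"])]
    shares = [s for s in found if s is not None]
    if len(shares) < vdo["m"]:
        return None           # fewer than m shares survive: the data has vanished
    return decrypt(recover_key(shares[:vdo["m"]]), vdo["C"])

def demo() -> tuple:
    """Constructed run: 7-of-10 sharing, 8-hour timeout, read at 1 h and at 9 h."""
    dht = ExpiringDHT(timeout=8 * 3600)
    vdo = vanish_encapsulate(dht, b"frank conversation", n=10, m=7, now=0)
    return vanish_decapsulate(dht, vdo, now=3600), vanish_decapsulate(dht, vdo, now=9 * 3600)
```

Running demo() returns the plaintext for the read at one hour and None for the read at nine hours: the VDO itself is unchanged, but the shares it depends on have left the DHT. The m-of-n threshold is what makes the scheme tolerate a few lost shares during the interval without letting a single surviving share reveal K.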

THE FIREFOX PLUG-IN
- Implemented as an extension to the GPG plug-in
- Entirely client side
- Shows potential for becoming mainstream

ATTACK
- Defeating Vanish (Sep 2009)
- Researchers showed it was feasible to infiltrate the open DHT and record all keys
- Originators responded with improvements: use a hybrid of open and closed DHT; the closed DHT restricts entry of nodes into the system

END OF TECHNICAL PART
The next section scratches at possible issues from an enterprise point of view. Please suggest your own thoughts.

ORGANIZATIONAL DILEMMAS
Let's suppose the vanish ability becomes mainstream. What kinds of scenarios can we dream up?

LITIGATION HOLDS
- Legal framework: stop the clock on document destruction
- Clearly this prohibits organizations from originating these documents
- If someone does create a VDO: keys and plaintext are gone, but the ciphertext is evidence that the document existed
- What controls can we envision to prevent their use?

INBOUND COMMUNICATIONS
- VDOs could come from 'outside'
- Are there business reasons to allow this?
- What about going 'out' to visit a VDO?
- Are there cases when a VDO should not be opened?
- Are there cases when it must be opened?

BUSINESS USES
Probably few legitimate uses for large commercial enterprises:
- Customer Service
- Brand Management
- Public Safety
- Attorneys under privilege

GOING OUTSIDE TO VIEW
- Go to a website to view a VDO: does that constitute corporate knowledge?
- Company uses a social networking site to stay in contact with customers (for customer service, say)
- Since VDO is mainstream, a user turns it on for ALL communications, thinking that safer
- But for the enterprise, it's a business transaction
- So... does it need to be 'imported' for preservation? Capture the key and ciphertext, or just the plaintext?

LETTING VDOs IN
Email arriving with a vanishing data object. Options:
1. Detect and prevent entry, like spam
2. Allow in, but prevent acquisition of keys through network policy
3. Allow in, but decode while passing through the gateway
4. Allow in with quarantine & special handling
Is there a duty to preserve it, for e-Discovery? Would the court consider the unpacked plaintext as equivalent? To prove it is equivalent you'd need the key.

FOR SAFETY, MUST OPEN
- Suppose the clear-text subject line contains a threat: "Bomb active. Defuse instructions enclosed"
- Mail is received, but enterprise policies prevent acquisition of the key
- This scenario indicates some sort of handling is needed

BRAND BUZZ
- Corporations sometimes watch what is being said about them in public venues
- If the social network acts as an amplifier/repeater and VDOs time out in, say, 8 hours, the watcher's scan cycle time would need to be less than the timeout
- If today a daily scan is adequate, it might need to be every few hours

OUTBOUND COMMUNICATIONS
Lying to a customer:
- EE or Agent promises something
- Controllable on internal equipment
Employee sends stolen company info:
- User A with an enterprise IP goes to sneaky.com
- Under the cover of HTTPS, writes a VDO with internal information
- User B (an investor, foreign power, etc.) reads the info
In order to stop this:
- Blacklist sneaky.com
- Terminate SSL at the border
- Intercept & decode, possibly quarantine
- Prevent anything that appears further encrypted
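One way a mail or web gateway could apply the last two controls above (intercept and quarantine; stop anything that "appears further encrypted"), and the quarantine option from the "Letting VDOs in" slide. This is an added example, not something the slides or any product describe; the heuristic is my assumption: a body whose byte entropy sits near 8 bits/byte looks like ciphertext (the C of a VDO, for instance), so it is held for special handling instead of being delivered, and base64-armored bodies are decoded first so armoring does not mask the entropy. sneaky.com is the slides' own hypothetical domain; the three sample bodies are constructed here.

```python
"""Added example (not from the slides): gateway policy that blocklists a domain
and quarantines bodies that look encrypted. The entropy heuristic and its
threshold are assumptions to be tuned against real traffic."""
import base64
import math
import random
import re
from collections import Counter

ENTROPY_THRESHOLD = 7.5    # bits per byte; random-looking data scores close to 8
MIN_BYTES = 256            # entropy of very short bodies is not meaningful
BASE64_RE = re.compile(rb"^[A-Za-z0-9+/=\s]+$")   # whole body is base64 alphabet


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def unarmor(body: bytes) -> bytes:
    """Strip base64 armoring when the entire body is base64; else return as-is.
    Ordinary prose contains punctuation outside the base64 alphabet, so it is
    left alone; a body that matches but fails to decode is also left alone."""
    if BASE64_RE.match(body):
        try:
            return base64.b64decode(body, validate=False)
        except ValueError:            # binascii.Error is a ValueError
            pass
    return body


def looks_encrypted(body: bytes) -> bool:
    data = unarmor(body)
    return len(data) >= MIN_BYTES and shannon_entropy(data) >= ENTROPY_THRESHOLD


def gateway_decision(sender_domain: str, body: bytes, blocklist: set) -> str:
    """Policy order taken from the slide: blocklist first, then the encryption check."""
    if sender_domain in blocklist:
        return "block"
    if looks_encrypted(body):
        return "quarantine"           # held for special handling, not delivered
    return "deliver"


# constructed samples (not captured traffic)
PLAINTEXT_BODY = b"Meeting moved to Tuesday, please bring the Q3 figures. " * 8
_rng = random.Random(2009)
RANDOM_BODY = bytes(_rng.getrandbits(8) for _ in range(4096))   # stands in for C
ARMORED_BODY = base64.encodebytes(RANDOM_BODY)                 # same payload, armored


def demo() -> dict:
    blocklist = {"sneaky.com"}
    return {
        "plain": gateway_decision("example.org", PLAINTEXT_BODY, blocklist),
        "blocked": gateway_decision("sneaky.com", PLAINTEXT_BODY, blocklist),
        "random": gateway_decision("example.org", RANDOM_BODY, blocklist),
        "armored": gateway_decision("example.org", ARMORED_BODY, blocklist),
    }
```

The armored case is the one worth noticing: base64 text scores only about 6 bits per character, so a raw-entropy check alone would deliver it; decoding first restores the near-8 score and the body is quarantined like its binary twin. Compressed attachments score high as well, which is why a threshold like this belongs with quarantine and review rather than silent dropping.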

NOT, PERHAPS, JERICHO, BUT...
Millions of consumer computers, harnessed to provide some privacy, are an example of how the walled-garden model of the enterprise may no longer be sufficient.

REFERENCES
- Vanish: Self-Destructing Digital Data
- New Technology to Make Digital Data Self-Destruct
- Distributed Hash Tables
- Attack (link fragment only: broken.pdf)
- Vanishing and Electronically Stored Information: an E-Discovery Hazard (link fragment only: electronic-data-ediscovery.html)