Privacy Management for Portable Recording Devices. J. Alex Halderman, Brent Waters, Edward W. Felten. Princeton University, Department of Computer Science.

Presentation transcript:

Privacy Management for Portable Recording Devices. J. Alex Halderman, Brent Waters, Edward W. Felten. Princeton University, Department of Computer Science. (J. A. Halderman, slide 1 of 10)

New Privacy Threats: Ubiquitous Recording. Camera phones: 170 million in 2004. (Figure: phone + camera = camera phone, × 170 million.)

New Privacy Threats: A Breakdown of Social Norms.

Previous Approaches. Law/Policy: usage restrictions, local bans. Technology: a signal from a beacon disables recording features. Both are coarse-grained restrictions: based on location, not full context; the decision is made before recording, not at playback. Augment them, don’t replace them.

Our Approach: Privacy protection built into trusted recording devices.

Our Approach: Recording subjects control use. They negotiate using their devices (a discovery method is assumed).

Our Approach: Encrypt the recording before storing it. A key share is retained by each privacy stakeholder, so anyone must ask permission to decrypt. This defers the privacy decision to the last possible moment.

Our Privacy Requirements: 1. Unanimous consent. 2. Confidentiality of vetoes. (Figure: stakeholders and a colluder.)

Our Applications. Laptops/WiFi: protects audio recordings; manual discovery. AOL Instant Messenger: protects chat logs; discovery handled by AIM.

Secure XOR: Alice and Bob tell Carol k_Alice ⊕ k_Bob (the XOR of their secrets) without revealing other information about k_Alice or k_Bob to anyone. A variation on Chaum’s “Dining Cryptographers”. (Figure: Alice holds secret k_Alice, Bob holds secret k_Bob, Carol receives the result.)

Secure XOR, step by step. 1. Alice and Bob choose and exchange random blinding factors B_Alice and B_Bob. 2. Alice and Bob each XOR both blinding factors with their secret input and send the result to Carol: Alice sends k_Alice ⊕ B_Bob ⊕ B_Alice, Bob sends B_Bob ⊕ B_Alice ⊕ k_Bob. 3. Carol XORs these messages to learn k_Alice ⊕ k_Bob: (k_Alice ⊕ B_Bob ⊕ B_Alice) ⊕ (B_Bob ⊕ B_Alice ⊕ k_Bob) = k_Alice ⊕ k_Bob. Carol does not learn k_Alice or k_Bob.

Private Storage Protocol, “Create” Operation: Identify the stakeholders. A trusted recording device is needed for now.

Private Storage Protocol, “Create” Operation: The stakeholders choose random keyshares k1 and k2 and securely tell the recorder k1 ⊕ k2 using Secure XOR. The recorder encrypts the recording using k1 ⊕ k2 as the key, then discards the plaintext and the key. The stakeholders hold on to their shares.

Private Storage Protocol, “Decrypt” Operation: The encrypted recording carries an id and its owners (Alice, Bob); Alice holds k_Alice and Bob holds k_Bob. The requestor sends a request to each stakeholder: “May we decrypt <id>?” Cryptography provides strong protection; the stakeholders apply their policies. To grant, a stakeholder inputs its keyshare into Secure XOR; to deny, it gives a random input to the XOR instead, so the requestor obtains a wrong key. Vetoes remain confidential.
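The Secure XOR exchange and the “Create”/“Decrypt” operations above, simulated end to end as an added example (not code from the slides or the Princeton project). Assumptions: 128-bit keyshares, a SHA-256 counter keystream standing in for a real cipher, and an HMAC tag so a decrypt with a wrong key fails cleanly rather than producing garbage.

```python
import hmac
import hashlib
import secrets

KEY_LEN = 16  # assumption: 128-bit keyshares


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def secure_xor(k_alice: bytes, k_bob: bytes) -> bytes:
    """Alice and Bob tell Carol k_alice XOR k_bob without revealing either input."""
    # Step 1: random blinding factors, chosen and exchanged between Alice and Bob.
    b_alice = secrets.token_bytes(KEY_LEN)
    b_bob = secrets.token_bytes(KEY_LEN)
    # Step 2: each party XORs both blinding factors with its secret and sends it to Carol.
    msg_alice = xor_bytes(xor_bytes(k_alice, b_bob), b_alice)
    msg_bob = xor_bytes(xor_bytes(b_bob, b_alice), k_bob)
    # Step 3: Carol XORs the two messages; the blinding factors cancel out.
    return xor_bytes(msg_alice, msg_bob)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Assumed stand-in cipher: SHA-256 counter keystream (use a real AEAD in practice)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += xor_bytes(data[i:i + 32], block)
    return bytes(out)


def create(plaintext: bytes, k1: bytes, k2: bytes):
    """'Create': the recorder learns only k1 XOR k2 via Secure XOR, encrypts, keeps nothing."""
    key = secure_xor(k1, k2)
    ct = keystream_xor(key, plaintext)
    tag = hmac.new(key, ct, hashlib.sha256).digest()  # lets decrypt detect a wrong key
    return ct, tag  # plaintext and key go out of scope here; only the stakeholders keep shares


def decrypt(ct: bytes, tag: bytes, alice_input: bytes, bob_input: bytes):
    """'Decrypt': each stakeholder feeds either its keyshare (grant) or random bytes (veto)
    into Secure XOR. One veto suffices, and the failure looks the same whoever vetoed."""
    key = secure_xor(alice_input, bob_input)
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return keystream_xor(key, ct)


def grant(share: bytes) -> bytes:
    return share


def veto(share: bytes) -> bytes:
    return secrets.token_bytes(len(share))  # random input, indistinguishable from a real share
```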

Private Storage Protocol, architecture. (Diagram: Recorder A and Recorder B take data in on “Create” and send the encrypted recording to Storage; a Location Service finds the stakeholders’ Persistent Agents A and B, which hold the keyshares and apply policy; on “Decrypt”, the Player’s Agents A and B contact the persistent agents and data flows out.)

Privacy in Practice: A Problem of Compliance. Within a community of like-minded people, social pressures, local policies, etc. can enforce use; privacy law can provide further incentives. Convince manufacturers to build it in through regulatory pressure and customer demand.

Conclusions: Ubiquitous recording brings privacy threats. Technology can give control back to recording subjects. Widespread compliance is achievable among like-minded groups.
