Privacy Engineering for Digital Rights Management Systems By XiaoYu Chen.


Introduction
The goal of Digital Rights Management (DRM) systems is to protect the rights of all parties involved in distribution.
DRM systems may affect user privacy:
--- by "legitimately" collecting user information
--- by "possibly" distributing user information
Are there any guidelines for designing DRM? --- The Fair Information Principles (FIP)
Are there any technological solutions that may help? --- Trusted proxies, P3P, ...

Outline
(1) Some typical technologies that play a role in DRM
(2) The Fair Information Principles
(3) Some high-tech solutions
(4) The difference between privacy protection and privacy control

Several technologies that play a role in DRM systems
(1) Security and integrity features of operating systems
(2) Rights-management languages and their related applications
(3) Encryption
(4) Digital signatures
(5) Fingerprinting and other "marking" techniques
(6) Others?
DRM development should put these pieces together into an end-to-end system that serves all parties involved. Many other technologies are expected to participate.

Approaches to privacy engineering
The Fair Information Principles:
(1) Customizable privacy
(2) Collection limitation
(3) Database architecture and management
(4) Purpose disclosure
(5) Choice
(6) Client-side data aggregation and transfer of processed data
(7) Competition of service
(8) Keeping business interests in mind

Fair Information Principles (continued)
(1) Customizable privacy
--- Participants should be able to easily configure the system to set their preferred information-collection and handling mechanisms
Problem: does this make the design more complicated and increase cost?
(2) Collection limitation
--- A business should only collect information that it really needs and should disclose how such information will be used
Problem: how is "information that it really needs" defined?

Fair Information Principles (continued)
(3) Database architecture and management
--- A DRM system should provide easy pseudonymization that can be used to key databases
--- Data splitting and separation
Problem: central or distributed management?
(4) Purpose disclosure (notice)
--- Notices should be easily understandable and thoroughly disclosed
Problem: it is difficult to make all users understand clearly
(5) Choice
--- Give users choices about information collection
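The "pseudonymization used to key databases" and "data split and separation" points above can be made concrete. The following is an added example written for this page, not code from the original slides: a DRM usage store keyed only by pseudonym, with the identity data held in a separate store. The assumptions are mine and not stated on the slides: pseudonyms are HMAC-SHA256 of the internal user id under a secret held only by an identity service (the hypothetical `PseudonymService`), so whoever holds the usage store alone cannot link rows to a person, and rotating the secret re-keys the split.

```python
"""Added example (not from the original slides): keying a DRM usage store
by pseudonym and keeping identity data in a separate store, so the party
holding usage records cannot link them to a person without the secret.

Assumptions not stated on the slides: pseudonyms are HMAC-SHA256 of the
internal user id under a secret held only by the identity service; the
identity store and the usage store are the two halves of the data split.
"""
import hashlib
import hmac
from typing import Optional

# Constructed sample data: two subscribers and three licence-usage events.
IDENTITIES = [
    {"user_id": "u-1001", "name": "Alice Example", "email": "alice@example.org"},
    {"user_id": "u-1002", "name": "Bob Example", "email": "bob@example.org"},
]
EVENTS = [
    ("u-1001", "ebook-42", "open"),
    ("u-1001", "ebook-42", "print"),
    ("u-1002", "video-7", "play"),
]


class PseudonymService:
    """Hypothetical component: the only one holding the secret.
    Rotating the secret re-keys every pseudonym at once."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def pseudonym(self, user_id: str) -> str:
        # Keyed hash: without the secret, a usage row cannot be tied back
        # to a user_id by guessing ids and hashing them (plain SHA-256 would
        # be reversible by dictionary over the small id space).
        return hmac.new(self._secret, user_id.encode(), hashlib.sha256).hexdigest()


def split_records(service, identities, events):
    """Return (identity_store, usage_store).

    identity_store: user_id -> PII, access-controlled, never joined with usage.
    usage_store:    rows keyed by pseudonym only, no PII columns at all.
    """
    identity_store = {rec["user_id"]: {"name": rec["name"], "email": rec["email"]}
                      for rec in identities}
    usage_store = [{"pseudonym": service.pseudonym(uid), "item": item, "action": action}
                   for uid, item, action in events]
    return identity_store, usage_store


def usage_store_is_pseudonymous(usage_store, identities) -> bool:
    """Defender-side check: the usage half carries no raw id or PII value."""
    direct = set()
    for rec in identities:
        direct.update(rec.values())
    return all(v not in direct for row in usage_store for v in row.values())


def resolve_pseudonym(service, identity_store, pseudonym) -> Optional[str]:
    """Re-link a pseudonym to a user_id; only possible with the secret."""
    for uid in identity_store:
        if hmac.compare_digest(service.pseudonym(uid), pseudonym):
            return uid
    return None


def usage_for_user(service, usage_store, user_id):
    """Query the usage half for one user, going through the secret."""
    pid = service.pseudonym(user_id)
    return [(row["item"], row["action"]) for row in usage_store if row["pseudonym"] == pid]


if __name__ == "__main__":
    svc = PseudonymService(b"demo-secret-rotate-me")  # constructed secret
    ident, usage = split_records(svc, IDENTITIES, EVENTS)
    print("usage store is pseudonymous:", usage_store_is_pseudonymous(usage, IDENTITIES))
    print("Alice's usage:", usage_for_user(svc, usage, "u-1001"))
    print("re-linked:", resolve_pseudonym(svc, ident, usage[0]["pseudonym"]))
```

The design choice worth noting is that the linking step (`resolve_pseudonym`) is the only place where the two halves meet, so access to the secret, not access to either database, is what has to be audited; the "central or distributed management" question on the slide is then a question about where that one component lives.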

Fair Information Principles (continued)
(6) Client-side data aggregation and transfer of processed data
--- Aggregate data according to categories
--- Don't transfer data that is not going to be used
Problem: again, how is "data not to be used" defined? What are clear criteria for aggregating data?
(7) Competition of service
--- Can offer better service to customers
Problem: business entities prefer monopolies
(8) Keeping business interests in mind
--- Understand the business interests of the different entities
Problem: hard to achieve
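Point (6) asks for clear criteria for what to aggregate and what not to transfer. The following is an added example written for this page, not code from the original slides, showing one way to make those criteria explicit on the client: a per-purpose field allowlist decides which fields may leave the device, and a minimum group size decides which aggregated groups are reported. The purpose name `royalty-accounting`, the `PURPOSE_FIELDS` table, the `min_count` threshold and the raw event layout are all my assumptions, not anything stated on the slides.

```python
"""Added example (not from the original slides): client-side aggregation of
DRM usage events before transfer, so only the processed data that a stated
purpose needs leaves the user's device.

Assumptions not stated on the slides: the server's purpose is royalty
accounting per content category and action; a per-purpose field allowlist
and a minimum count per group (constructed criteria) decide what is sent;
item ids, timestamps and device addresses are dropped on the client.
"""
from collections import Counter

# Constructed raw events, as a DRM client might log them locally.
RAW_EVENTS = [
    {"ts": "2024-01-05T10:00:00Z", "item": "ebook-42", "category": "ebook",
     "action": "open", "device_ip": "192.0.2.10"},
    {"ts": "2024-01-05T10:05:00Z", "item": "ebook-42", "category": "ebook",
     "action": "open", "device_ip": "192.0.2.10"},
    {"ts": "2024-01-06T21:00:00Z", "item": "video-7", "category": "video",
     "action": "play", "device_ip": "192.0.2.10"},
    {"ts": "2024-01-07T08:30:00Z", "item": "audio-3", "category": "audiobook",
     "action": "play", "device_ip": "192.0.2.10"},
]

# Hypothetical purpose table: purpose -> fields a report for it may contain.
# Everything not listed here is "data not to be used" and never leaves the client.
PURPOSE_FIELDS = {
    "royalty-accounting": ("category", "action"),
}


def aggregate_for_transfer(events, purpose, min_count=2):
    """Return {(field values...): count} over the allowed fields only.

    Groups with fewer than min_count events are suppressed, so a single
    rarely used title cannot be singled out from the report."""
    fields = PURPOSE_FIELDS[purpose]
    counts = Counter(tuple(ev[f] for f in fields) for ev in events)
    return {key: n for key, n in counts.items() if n >= min_count}


def build_report(events, purpose, min_count=2):
    """The message actually transferred: purpose, fields, aggregated groups,
    and the list of raw fields that were deliberately dropped."""
    groups = aggregate_for_transfer(events, purpose, min_count)
    raw_fields = set().union(*(ev.keys() for ev in events))
    return {
        "purpose": purpose,
        "fields": list(PURPOSE_FIELDS[purpose]),
        "dropped_fields": sorted(raw_fields - set(PURPOSE_FIELDS[purpose])),
        "groups": [{"key": list(k), "count": n} for k, n in sorted(groups.items())],
    }


def report_respects_purpose(report, events) -> bool:
    """Defender-side check before sending: no value of a dropped field
    (item id, timestamp, device address) appears anywhere in the report."""
    forbidden = {str(ev[f]) for ev in events for f in report["dropped_fields"]}
    transferred = {str(v) for g in report["groups"] for v in g["key"]}
    return not (forbidden & transferred)


if __name__ == "__main__":
    report = build_report(RAW_EVENTS, "royalty-accounting")
    print(report)
    print("respects purpose:", report_respects_purpose(report, RAW_EVENTS))
```

With the constructed events and `min_count=2`, only the `ebook/open` group (two events) is reported; the single `video/play` and `audiobook/play` events are suppressed, and `device_ip`, `item` and `ts` are listed as dropped so the server can see what it is not getting. Lowering `min_count` to 1 trades that suppression for finer accounting, which is exactly the criteria trade-off the slide flags as unresolved.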

Enforcement of privacy solutions
(1) Audits of privacy policies
Problem: how frequently?
(2) Trusted proxies
Problem: a bottleneck?
(3) P3P (Platform for Privacy Preferences)
Problem: not yet an industry-wide standard

Privacy protection and control
(1) Most of the time the difference is very slight
(2) Protection depends more on the user's wishes (to give information or not)
(3) Control may need more cooperation among parties and users to prevent abuse
(4) Most of the time reasonable privacy control is enough, with very few exceptions

Conclusion
(1) DRM needs to be properly designed, implemented, deployed and used in order to
---- provide reasonable user privacy control
---- supply businesses with the necessary information
---- run at a fair cost
(2) The FIP are only useful guidelines, not a technical standard
Questions:
(1) What can be added to the FIP to make them stronger?
(2) What should users do in privacy control?