Lecture 6 Page 1 CS 236, Spring 2008 Privacy and Anonymity CS 236 Advanced Computer Security Peter Reiher May 6, 2008.

Slides:



Advertisements
Similar presentations
Lecture 8 Page 1 CS 236, Spring 2008 Distributed Denial of Service Attacks CS 236 Advanced Computer Security Peter Reiher May 20, 2008.
Advertisements

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 5 Page 1 CS 236 Online Certificates A ubiquitous form of authentication Generally used with public key cryptography A signed electronic document.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.
Issues in Internet Security. Securing the Internet How does the internet hold up security-wise? How does the internet hold up security-wise? Not well:
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014.
Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.
Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.
Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.
Network Security – Special Topic on Skype Security.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.
1 Network Firewalls CSCI Web Security Spring 2003 Presented By Yasir Zahur.
Lecture 1 Page 1 CS 236, Spring 2008 Information Flow Tracking CS 236 Advanced Computer Security Peter Reiher April 8, 2008.
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
Lecture 16 Page 1 CS 188,Winter 2015 Security in Distributed Systems CS 188 Distributed Systems March 5, 2015.
Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.
Lecture 17 Page 1 CS 136, Fall 2013 Privacy CS 136 Computer Security Peter Reiher December 5, 2013.
Role Of Network IDS in Network Perimeter Defense.
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
Lecture 19 Page 1 CS 136, Spring 2009 Web Security and Privacy CS 136 Computer Security Peter Reiher June 4, 2009.
Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
K. Salah1 Security Protocols in the Internet IPSec.
Lecture 19 Page 1 CS 236 Online Privacy Privacy vs. security? Data privacy issues Network privacy issues Some privacy solutions.
Lecture 17 Page 1 CS 136, Spring 2014 Privacy CS 136 Computer Security Peter Reiher June 3, 2014.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
Lecture 16 Page 1 CS 136, Spring 2016 Privacy Computer Security Peter Reiher May 26, 2016.
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Privacy Computer Security Peter Reiher March 9, 2017
Outline The basic authentication problem
Network Security Mechanisms
Encryption and Network Security
Groups for This Week Golita Benoodi, Nikolay Laptev, Faraz Zahabian
Outline What does the OS protect? Authentication for operating systems
Anonymous Communication
Outline What does the OS protect? Authentication for operating systems
Privacy CS 136 Computer Security Peter Reiher December 4, 2012
Web Security Lots of Internet traffic is related to the web
Anonymous Communication
Groups for This Week Golita Benoodi, Vishwa Goudar, Kuo-Yen Luo
Outline Using cryptography in networks IPSec SSL and TLS.
Outline Network characteristics that affect security
Diffie/Hellman Key Exchange
Privacy Privacy vs. security? Data privacy issues
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Outline The spoofing problem Approaches to handle spoofing
Anonymous Communication
Presentation transcript:

Lecture 6 Page 1 CS 236, Spring 2008 Privacy and Anonymity CS 236 Advanced Computer Security Peter Reiher May 6, 2008

Lecture 6 Page 2 CS 236, Spring 2008 Groups for This Week 1.Golita Benoodi, Darrell Carbajal, Sean MacIntyre 2.Andrew Castner, Chien-Chia Chen, Chia-Wei Chang 3.Hootan Nikbakht, Ionnis Pefkianakis, Peter Peterson 4.Yu Yuan Chen, Michael Cohen, Zhen Huang 5.Jih-Chung Fan, Vishwa Goudar, Michael Hall 6.Abishek Jain, Nikolay Laptev, Chen-Kuei Lee 7.Chieh-Ning Lien, Jason Liu, Kuo-Yen Lo 8.Min-Hsieh Tsai, Peter Wu, Faraz Zahabian

Lecture 6 Page 3 CS 236, Spring 2008 Outline Privacy vs. security? Data privacy issues Network privacy issues Some privacy solutions

Lecture 6 Page 4 CS 236, Spring 2008 What Is Privacy? The ability to keep certain information secret Usually one’s own information But also information that is “in your custody” Includes ongoing information about what you’re doing

Lecture 6 Page 5 CS 236, Spring 2008 Privacy and Computers Much sensitive information currently kept on computers –Which are increasingly networked Often stored in large databases –Huge repositories of privacy time bombs We don’t know where our information is

Lecture 6 Page 6 CS 236, Spring 2008 Privacy and Our Network Operations Lots of stuff goes on over the Internet –Banking and other commerce –Health care –Romance and sex –Family issues –Personal identity information We used to regard this stuff as private –Is it private any more?

Lecture 6 Page 7 CS 236, Spring 2008 Threat to Computer Privacy Cleartext transmission of data Poor security allows remote users to access our data Sites we visit can save information on us –Multiple sites can combine information Governmental snooping Location privacy Insider threats in various places

Lecture 6 Page 8 CS 236, Spring 2008 Privacy Vs. Security Best friends? Or deadly rivals? Does good security kill all privacy? Does good privacy invalidate security? Are they orthogonal? Or can they just get along?

Lecture 6 Page 9 CS 236, Spring 2008 Conflicts Between Privacy and Security Many security issues are based on strong authentication –Which means being very sure who someone is If we’re very sure who’s doing what, we can track everything Many privacy approaches based on obscuring what you’re doing

Lecture 6 Page 10 CS 236, Spring 2008 Some Specific Privacy Problems Poorly secured databases that are remotely accessible –Or are stored on hackable computers Data mining by companies we interact with Eavesdropping on network communications by governments Insiders improperly accessing information Cell phone/mobile computer-based location tracking

Lecture 6 Page 11 CS 236, Spring 2008 Data Privacy Issues My data is stored somewhere –Can I control who can use it/see it? Can I even know who’s got it? How do I protect a set of private data? –While still allowing some use? Will data mining divulge data “through the back door”?

Lecture 6 Page 12 CS 236, Spring 2008 Personal Data Who owns data about you? What if it’s real personal data? –Social security number, DoB, your DNA record? What if it’s data someone gathered about you? –Your Google history or shopping records –Does it matter how they got it?

Lecture 6 Page 13 CS 236, Spring 2008 Controlling Personal Data Currently impossible Once someone has your data, they do what they want with it Is there some way to change that? E.g., to wrap data in way to prevent its misuse? Could TPM help?

Lecture 6 Page 14 CS 236, Spring 2008 Tracking Your Data How could I find out who knows my passport number? Can I do anything that prevents my data from going certain places? –With cooperation of those who have it? –Without their cooperation? –Via legal means?

Lecture 6 Page 15 CS 236, Spring 2008 Protecting Data Sets If my company has (legitimately) a bunch of personal data, What can I/should I do to protect it? –Given that I probably also need to use it? If I fail, how do I know that? –And what remedies do I have?

Lecture 6 Page 16 CS 236, Spring 2008 Options for Protecting Data Careful system design Limited access to the database –Networked or otherwise Full logging and careful auditing Using only encrypted data –Must it be decrypted? –If so, how to protect the data and the keys?

Lecture 6 Page 17 CS 236, Spring 2008 Data Mining and Privacy Data mining allows users to extract models from databases –Based on aggregated information Often data mining allowed when direct extraction isn’t Unless handled carefully, attackers can use mining to deduce record values

Lecture 6 Page 18 CS 236, Spring 2008 Insider Threats and Privacy Often insiders need access to private data –Under some circumstances But they might abuse that access How can we determine when they misbehave? What can we do?

Lecture 6 Page 19 CS 236, Spring 2008 Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption, data values not readable So what’s the problem?

Lecture 6 Page 20 CS 236, Spring 2008 Traffic Analysis Problems Sometimes desirable to hide that you’re talking to someone else That can be deduced even if the data itself cannot How can you hide that? –In the Internet of today?

Lecture 6 Page 21 CS 236, Spring 2008 Location Privacy Mobile devices often communicate while on the move Often providing information about their location –Perhaps detailed information –Maybe just hints This can be used to track our movements

Lecture 6 Page 22 CS 236, Spring 2008 Implications of Location Privacy Problems Anyone with access to location data can know where we go Allowing government surveillance Or a private detective following your moves Or a maniac stalker figuring out where to ambush you...

Lecture 6 Page 23 CS 236, Spring 2008 Some Privacy Solutions The Scott McNealy solution –“Get over it.” Anonymizers Onion routing Privacy-preserving data mining Preserving location privacy Handling insider threats via optimistic security

Lecture 6 Page 24 CS 236, Spring 2008 Anonymizers Network sites that accept requests of various kinds from outsiders Then submit those requests –Under their own or fake identity Responses returned to the original requestor A NAT box is a poor man’s anonymizer

Lecture 6 Page 25 CS 236, Spring 2008 The Problem With Anonymizers The entity running knows who’s who Either can use that information himself Or can be fooled/compelled/hacked to divulge it to others Generally not a reliable source of real anonymity

Lecture 6 Page 26 CS 236, Spring 2008 Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations By sending lots of crypo-protected packets between lots of places Each packet goes through multiple hops

Lecture 6 Page 27 CS 236, Spring 2008 A Little More Detail A group of nodes agree to be onion routers Users obtain crypto keys for those nodes Plan is that many users send many packets through the onion routers –Concealing who’s really talking

Lecture 6 Page 28 CS 236, Spring 2008 Sending an Onion-Routed Packet Encrypt the packet using the destination’s key Wrap that with another packet to another router –Encrypted with that router’s key Iterate a bunch of times

Lecture 6 Page 29 CS 236, Spring 2008 In Diagram Form SourceDestination Onion routers

Lecture 6 Page 30 CS 236, Spring 2008 What’s Really in the Packet

Lecture 6 Page 31 CS 236, Spring 2008 Delivering the Message

Lecture 6 Page 32 CS 236, Spring 2008 What’s Been Achieved? Nobody improper read the message Nobody knows who sent the message –Except the receiver Nobody knows who received the message –Except the sender Assuming you got it all right

Lecture 6 Page 33 CS 236, Spring 2008 Issues for Onion Routing Proper use of keys Traffic analysis Overheads –Multiple hops –Multiple encryptions

Lecture 6 Page 34 CS 236, Spring 2008 Privacy-Preserving Data Mining Allow users access to aggregate statistics But don’t allow them to deduce individual statistics How to stop that?

Lecture 6 Page 35 CS 236, Spring 2008 Approaches to Privacy for Data Mining Perturbation –Add noise to sensitive value Blocking –Don’t let aggregate query see sensitive value Sampling –Randomly sample only part of data

Lecture 6 Page 36 CS 236, Spring 2008 Preserving Location Privacy Can we prevent people from knowing where we are? Given that we carry mobile communications devices And that we might want location- specific services ourselves

Lecture 6 Page 37 CS 236, Spring 2008 Location-Tracking Services Services that get reports on our mobile device’s position –Probably sent from that device Often useful –But sometimes we don’t want them turned on So, turn them off then

Lecture 6 Page 38 CS 236, Spring 2008 But... What if we turn it off just before entering a “sensitive area”? And turn it back on right after we leave? Might someone deduce that we spent the time in that area? Very probably

Lecture 6 Page 39 CS 236, Spring 2008 Handling Location Inferencing Need to obscure that a user probably entered a particular area Can reduce update rate –Reducing certainty of travel Or bundle together areas –Increasing uncertainty of which was entered

Lecture 6 Page 40 CS 236, Spring 2008 Privacy in the Face of Insider Threats A real problem Recent UCLA medical center case of worker who peeked at celebrity records –They had the right to look at records –But only for the appropriate reasons Generally, how do we preserve privacy when insider needs some access?

Lecture 6 Page 41 CS 236, Spring 2008 One Approach A better access control model Don’t give insider full access Only allow access when he really needs it But how do you tell? Could use optimistic access control

Lecture 6 Page 42 CS 236, Spring 2008 Optimistic Access Control Don’t normally allow access to protected stuff –Even if worker sometimes needs it On need, require worker to request exceptional action –And keep record it happened Audit log of exceptional actions later

Lecture 6 Page 43 CS 236, Spring 2008 A Sample Scenario Nurse X needs to access medical records of patient Y Nurse X doesn’t have ordinary access She requests exceptional access Which is granted –And a record is made of her request

Lecture 6 Page 44 CS 236, Spring 2008 Checking the Scenario An auditor (human or otherwise) examines all requests for sensitive access If “not reasonable,” reports to an authority In this case, nurse X acted properly –Since patient Y was being treated

Lecture 6 Page 45 CS 236, Spring 2008 How About Misbehavior? Nurse X requests medical information on celebrity Z The request is logged The authority finds it bogus –Good question: How? Nurse X’s ass is fired

Lecture 6 Page 46 CS 236, Spring 2008 How Does This Help? Every access to a sensitive record is logged –Well, it could have been, anyway Worker is alerted to the sensitive nature of his actions There’s a built-in mechanism for validating access

Lecture 6 Page 47 CS 236, Spring 2008 Will It Be Too Cumbersome? Depends On frequency of requests And auditor’s ability to identify illegitimate accesses Also requires reasonable remediation method And strong authentication

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.