Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services Marco.

Published byΠτοοφαγος Αντωνοπούλου Modified over 5 years ago

Similar presentations

Presentation on theme: "Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services Marco."— Presentation transcript:

1 Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services Marco Casassa Mont Siani Pearson Pete Bramhall Trusted Systems Laboratory Hewlett-Packard Labs, Bristol, UK TrustBus 2003, 2-4 September 2003 Prague, Czech Republic

2 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Presentation Outline Setting the Context Scenario Addressed Problems Related Work Our Approach Discussion Conclusions 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

3 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Setting the Context Digital Identities and Profiles are relevant to enable transactions and interactions on the web, in many contexts: personal, social, business, government, etc. Privacy Management is a major issue: involves people, organisations, governments, etc. Different reactions by people: ranging from “completely ignoring the privacy issues” to “being so concerned to prevent any web interaction” 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

4 Scenario: Multiparty Interactions [1]
Multiparty Transaction / Interaction Services User Negotiation of Privacy Policy Services Enterprise Policies Provision of Identity & Profile Data Data Identity/ Profile Disclosure Services Enterprise Enterprise Similar issues in the e-Commerce, Enterprise, Financial and Government Areas 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

5 Scenario: Multiparty Interactions [2]
Little has been done so far to directly involve people (or third parties acting on their behalf) in the management of their privacy Users lack control over their personal information after their initial disclosures Organisations, as well, lack control over the confidential information they manage on behalf of their customers, once they disclose it to third parties It is hard to make organisations accountable 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

6 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Addressed Problems Privacy Enforcement Accountability of Organizations Involvement of People in the Management of their Personal Data 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

7 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Related Work [1] Lot of work done to provide Legislative Frameworks for Privacy Different legislative approaches: example US vs. EU Privacy and Data Protection laws are hard to enforce when personal information spreads across boundaries In general users have little understanding or knowledge of privacy laws and their implications 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

8 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Related Work [2] W3C approach on Platform for Privacy Preferences (P3P): simple policies, point-to-point interactions. Little control on the fulfilment of these policies (at least, in the current implementations) Liberty Alliance and Microsoft Passport: Identity and Privacy Management based on closed web of trust and predefined policies 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

9 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Related Work [3] IBM’s work on Enterprise Privacy Authorization Language (EPAL) and related Privacy Framework Association of fine-grained Privacy Policies (Sticky Policies) to personal data. Enforcement of Privacy Polices by the Enterprise Current Open Issues: - Policy “Stickiness” is not enforceable; - Too much trust in the enterprise; - Leakages of personal data can still happen; - Little user’s involvement. The above issues are very hard to address! 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

10 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Our Approach About a Privacy and Accountability Model encompassing: “Sticky” Privacy Policies strongly associated to Identity Information Mechanisms for strong (but not impregnable) enforcement of privacy policies Mechanisms to increase the Accountability of the involved parties Mechanisms to allow people to be more involved in the management of their data (if they want to …) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

11 Privacy and Accountability Model
Key aspects: Confidentiality of Data: obfuscation of confidential data Strong Association of Privacy Policies to Confidential Data: - “tamper resistant” policies associated to data. - “Stickiness” guaranteed at least till the first disclosure. Policy Compliance Check and Enforcement: by trusted Tracing & Auditing Authorities (TAAs) and Trusted Platforms + OSs Accountability Management: auditing and tracing of disclosures by TAA (used as evidence) User Involvement: policy authoring, notification, authorization 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

12 Privacy and Accountability Model [1]
User Enterprise Multiparty Transaction / Interaction Policies Data Services Negotiation of Privacy Policy 1 Request for Authorization or Notification 5 Obfuscated Data + Sticky Privacy Policies Sticky 2 Obfuscated Data + Sticky Privacy Policies 8 Decryption Key (if Authorised) 6 Request for Disclosure of Data + Sticky Privacy Policies Credentials 3 Checking for Integrity and Trustworthiness of Remote Environment 4 6 ? ? Tracing and Auditing Authorities (TAAs) 7 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

13 Privacy and Accountability Model [2]
Once confidential data is disclosed it can still be misused … Risks Mitigation via: Audit trail: Audit logs managed by TAAs can be used as Evidence and for Forensic Analysis (logging at least the first disclosure …) Trusted Platforms and OSs: - checking for the Integrity of the Receivers’ environment - enforcing part of the Privacy Policies directly at the OS level. Research and Work in Progress … 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

14 Privacy and Accountability Model: Technical Aspects [1]
A technical implementation of our Privacy and Accountability Model leverages three key technologies: Identifier-based Encryption (IBE) Trusted Platforms (TCG was TCPA, etc.) Tagged Operating Systems (OSs) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

15 What is Identifier-based Encryption (IBE)?
It is an Emerging Cryptography Technology Based on a Three-Player Model: Sender, Receiver, Trust Authority (Trusted Third Party) Same Strength of RSA Different Approaches: Quadratic Residuosity, Weil Pairing, Tate Pairing … SW Library and Technology available at HP Laboratories 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

16 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
IBE Core Properties 1st Property: any kind of “string” (or Sequence of Bytes) can be used as an IBE Encryption Key: for example a Role, an Address, a Picture, a Disclosure Time, Terms and Conditions, a Privacy Policy … 2nd Property: the generation of IBE Decryption Keys can be postponed in time, even long time after the generation of the correspondent IBE Encryption Key 3rd Property: reliance on at least a Trust Authority (Trusted Third Party) for the generation of IBE Decryption Key 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

17 IBE Three-Player Model
Alice Trust Authority Bob 4. Alice Sends the encrypted Message to Bob, along with the Encryption Key 4 2. Alice knows the Trust Authority's published value of Public Detail N It is well known or available from reliable source 2 3. Alice chooses an appropriate Encryption Key. She encrypts the message: Encrypted message = {E(msg, N, encryption key)} 3 5. Bob requests the Decryption Key associated to the Encryption Key to the relevant Trust Authority. 5 6. The Trust Authority issues an IBE Decryption Key corresponding to the supplied Encryption Key only if it is happy with Bob’s entitlement to the Decryption Key. It needs the Secret to perform the computation. 6 1. Trust Authority - Generates and protects a Secret - Publishes a Public Detail N 1 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

18 Privacy and Accountability Model: Technical Aspects [2]
A technical implementation of our Privacy and Accountability Model leverages three key Technologies: Identifier-based Encryption (IBE) Trusted Platforms (TCG was TCPA, etc.) Tagged Operating Systems (OSs) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

19 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Trusted Platforms A trusted platform provides hardware mechanisms (TPM) and tools to check for the integrity of computer platforms and their installed software (locally and remotely) TCG (was TCPA) and Microsoft NGSCB initiatives: HP and HP Laboratories are directly involved in the TCG initiative TPM 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

20 Privacy and Accountability Model: Technical Aspects [3]
A technical implementation of our Privacy and Accountability Model leverages three key Technologies: Identifier-based Encryption (IBE) Trusted Platforms (TCG was TCPA, etc.) Tagged Operating Systems (OSs) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

21 Tagged Operating Systems
A tagged Operating System (OS) provides mechanisms and tools to associate low level labels to data and directly enforce and manage them at the OS level. The “stickiness” of a label to the content, not to the content holder (such as a file), ensures that even when the data is copied around the label follows it as well. Labels can be associated (at the OS level) to low level Privacy Policies (rules), directly enforced by the OS. Rules dictate constraints on: copies of data, data transmissions, etc. A working prototype is available at HP Laboratories, Bristol. Policy Creation and Translation System policies created in dflow compiler Policy File in Internal Format Control Enforcement Tagged Data Decision Policy evaluation engine Flow causing operation yes, no, more checks 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

22 Privacy and Accountability Model: Technical Aspects [4]
- (High level) Stickiness of Privacy Policies User Involvement Accountability Management - Enforcement of Aspects of Privacy Policy Addressed Problems (Low level) Source of Trust and HW/SW integrity checking - (Low level) Stickiness of Privacy Policies Technologies Trusted Platforms (TCG …) Tagged OSs Our Privacy and Accountability Framework (IBE, TAAs, etc.) GAP GAP 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

23 High-level System Architecture
Based on the IBE Model Privacy Policies are represented as “IBE Encryption Keys” Confidential data is encrypted with IBE encryption keys IBE encryption keys “stick” with the encrypted data (at least till the first de-obfuscation of the data …) The “Tracing and Auditing Authority” is an (IBE based) Trust Authority. Leveraging Trusted Platforms and Tagged OS for enforcing aspects of Privacy Policies (Work in Progress…) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

24 Sticky Privacy Policies
Example of high-level Sticky Policy (XML format): Reference to TA(s) Constraints/ Obligations Platform Constraint Actions (User Involvement) IBE encryption keys can define any kind of privacy constraints or terms and conditions to be deployed and enforced at different levels of abstractions (application/service, OS, platform) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

25 Enforcement of Sticky Privacy Policies
Enterprise 1 Personal Data Policy Engine Sticky Privacy Policies TCG Tagged OS TCG Enterprise 2 Enforcement via Trust Authority + TCG Tagged OS TCG Policy Engine Enforcement By Trusted Platforms and Tagged OS (Work in Progress) TCG Tagged OS TCG Policy Engine Trust Authority (TA) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

26 Policy Enforcement by Trust Authority
“Soft” policy enforcement: TA still relies on the receiver to take care of the data privacy, once data is disclosed … The TA interprets Privacy Policies via a Policy Engine The TA makes sure that the Privacy Policies are satisfied before issuing the IBE decryption key Multiple TAs can be used, each of them specialised in doing specific checks (easy with IBE-based approach …) Users can be notified or asked for authorization, if the Privacy Policies require it (User Involvement) Audit of disclosures, at least the first time … The TA can leverage TCG and Tagged-OS to make sure that part of the policy enforcement is done upfront … Enterprise 1 Privacy Policies Enterprise 2 Privacy Policies Trust Authority (TA) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

27 Policy Enforcement by Trusted Platforms
Stronger Enforcement of part of the privacy policies (low level policies) TCG integrity checking mechanisms checks for platform trustworthiness along with its SW and HW integrity. Cross boundaries integrity checking on the platforms of the involved parties To be effective, a widespread usage of trusted platforms is required. At least all the platforms involved in the task of processing confidential data should be checked. Some of them might not be exposed externally.  Too strong requirements for the time being …  Limits on the kinds of HW and SW checks … Joint usage of Tagged-OS and TCG to create Trust Domains. TCG to check upfront the integrity of the “combined” system. Tagged-OS to enforce privacy policies directly at the OS level: disallow copies data, sending data only to specific IP addresses, etc. Enterprise 1 Trust Domain Privacy Policies Enterprise 2 Tagged OS TCG Tagged OS TCG Tagged OS TCG Tagged OS TCG Tagged OS TCG Tagged OS TCG Trust Authority (TAA) Research and Work in Progress … 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

28 Accountability Management
Confidential data is encrypted: at least the first time the requestors need to interact with the Tracing and Auditing Authorities (TAAs) Auditing and Logging of data disclosures carried on by TAAs (at least the first time) Multiple TAAs can be used to mitigate trust issues. Users can run their own TAAs Usage of Audit Logs as Evidence and for Forensic Analysis Research in progress at HP Labs on tamper-resistant audit systems Enterprise 1 Privacy Policies Privacy Policies Enterprise 2 Trust Authorities (TAAs) 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

29 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Discussion The usage of “trusted third parties” to mediate interactions and encryption for confidentiality are not new The potential added value of our approach consists of: The mechanisms to associate “Sticky” Privacy Policies to confidential data via IBE (lightweight cryptography mechanism); The “active” interaction model we introduced The combined usage of TCG, Tagged OS and Trust Authorities for integrity checking and policy enforcement Other cryptography mechanisms could be used but the IBE model fits very well at the client and server sites Open issues: Our policy enforcement is strong, but not impregnable (risks vs. costs?) Adequacy of Trusted Platforms/Tagged OS to be verified Potential complexity of our solution. To be fully prototyped and tested Research in progress … 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

30 Current and Future Work
IBE technology is available. HP Labs have implemented a fast and optimised version of the IBE cryptography libraries We have simple implementations of: - a TA service - add-ins for authoring and management of privacy policies - a policy-based engine TPM chips and TCG-based PCs are available on the market We have a working prototype of the Tagged OS We have a working prototype of a non-repudiable, tamper resistant Auditing and Logging System. Next steps: testing the suitability of our approach in real contexts … 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

31 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Conclusions It is important to protect people’s privacy on the Internet, increase accountability and allow people to be more involved (if they care) Despite laws, legislations and technical attempts to solve this problem, at moment there are no solutions to address the whole set of involved issues We described our approach to provide a strong but not impregnable enforcement of privacy policies, more accountability and more user involvement We presented a technical solution that leverages IBE (sticky policies and auditing services), Tagged-OS (low level sticky policy) and TCG (trust and integrity checking) There are open issues: our research is in progress … 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

32 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
Backup Slides RSA and IBE Cryptography Models 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

33 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
RSA Model Secrets p&q Compute d&e Keep d secret Compute N = p*q encrypt decrypt N and d e and N published Encrypted Msg Msg 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

34 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
IBE Model [1] Public details E D Encrypt Decrypt Secrets s Compute public Compute Key pairs Encrypted Msg Msg 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

35 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK
IBE Model [2] Public details Encrypt Decrypt Secrets s Compute public Generate Decryption Key Encrypted Msg Choose e Get decrypt Key,e Msg 25/04/2019 ﴀTrusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

36

Download ppt "Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services Marco."

Similar presentations

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.
Page 1 Policy-Driven Systems for Enterprise-Wide Security Using PKI and Policies to build Trusted Distributed Authorization Systems Joe Pato Marco Casassa.

Page 1 Policy-Driven Systems for Enterprise-Wide Security Using PKI and Policies to build Trusted Distributed Authorization Systems Joe Pato Marco Casassa.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Managing Digital Identities: Challenges.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Managing Digital Identities: Challenges.
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev. 12-16-11)

1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev )
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.

SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.
Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Identity Management Marco Casassa Mont Trusted E-Services Lab Hewlett-Packard Laboratories Bristol, UK June 2002.

Identity Management Marco Casassa Mont Trusted E-Services Lab Hewlett-Packard Laboratories Bristol, UK June 2002.
Copyright © 2000 Internet Document Security Alan Weintraub Research Director March 9, 2000.

Copyright © 2000 Internet Document Security Alan Weintraub Research Director March 9, 2000.

Similar presentations

Ads by Google