1
Towards Accountable Management of Privacy and Identity Information
Marco Casassa Mont, Siani Pearson, Pete Bramhall. Trusted Systems Laboratory, Hewlett-Packard Labs, Bristol, UK. ESORICS 2003, October 2003, Gjøvik, Norway.
2
Trusted Systems Laboratory – Hewlett-Packard Labs, Bristol, UK
Presentation Outline: Problem Outline; Related Work; Privacy Management Model; Realisation; Discussion; Conclusions
3
Privacy and Identity Information
Diagram labels: E-Commerce; Government; Business; Personal; Person Profiles
- Digital Identities and Profiles are relevant to enable transactions and interactions on the web, in many contexts: personal, social, business, government, etc.
- Privacy Management is a major issue: it involves people, organisations, governments, etc.
- Different reactions by people: ranging from "completely ignoring the privacy issues" to "being so concerned as to prevent any web interaction"
Speaker notes: Users interact with multiple services and send them personal data, but how do they protect it? How can they specify how they want their data to be treated? The service will no doubt create a database full of personal data, but how do they deal with it? Can they just ship it to others? What view and what control can we give the user? How much say do users have in how their data is used?
4
Scenario: Multiparty Interactions
Diagram labels: Multiparty Transaction / Interaction; User; Government Services; Finance Services; Data Services; Negotiation of Privacy Policy; Services Policies; Provision of Identity & Profile Data; Identity/Profile Disclosure; Privacy Enforcement; Accountability of Organizations; Involvement of People in the Management of their Personal Data; Enterprise Accountability; Enterprise Enforcement; User Specification
- Little has been done so far to directly involve people (or third parties acting on their behalf) in the management of their privacy
- Users lack control over their personal information after their initial disclosures
- Organisations, as well, lack control over the confidential information they manage on behalf of their customers, once they disclose it to third parties
- It is hard to make organisations accountable
Speaker notes: Give example here.
5
Related Work
Diagram labels: EPAL; Enterprise Enforcement Tools; Legal; Proof, Evidence, Prosecution?; Who Controls?; EU vs US; Personal Data; User Understanding; Identity Services; P3P; Point to point; e.g. MS Passport; Privacy Seal; Predefined Policies; Enforcement?; Club
- A lot of work has been done to provide Legislative Frameworks for Privacy
- Different legislative approaches: for example US vs. EU
- Privacy and Data Protection laws are hard to enforce when personal information spreads across boundaries
- In general users have little understanding or knowledge of privacy laws and their implications
- W3C approach, the Platform for Privacy Preferences (P3P): simple policies, point-to-point interactions. Little control on the fulfilment of these policies (at least, in the current implementations)
- Liberty Alliance and Microsoft Passport: Identity and Privacy Management based on a closed web of trust and predefined policies
- IBM's work on the Enterprise Privacy Authorization Language (EPAL) and related Privacy Framework: association of fine-grained Privacy Policies (Sticky Policies) to personal data; enforcement of Privacy Policies by the Enterprise
- Current Open Issues: policy "stickiness" is not enforceable; too much trust in the enterprise; leakages of personal data can still happen; little user involvement. The above issues are very hard to address!
7
Privacy Management Model
Diagram labels: User; Enterprise; User DB; P; Transaction; User Involvement; Enforcement; Tracing and Audit Authority; Accountable?; Transparency; Evidence; Policy Compliance
- "Sticky" Privacy Policies strongly associated to Identity Information
- Mechanisms for strong (but not impregnable) enforcement of privacy policies
- Mechanisms to increase the Accountability of the involved parties
- Mechanisms to allow people to be more involved in the management of their data (if they want to ...)
- Confidentiality of Data: obfuscation of confidential data
- Strong Association of Privacy Policies to Confidential Data: "tamper resistant" policies associated to data; "stickiness" guaranteed at least till the first disclosure
- Policy Compliance Check and Enforcement: by trusted Tracing & Auditing Authorities (TAAs) and Trusted Platforms + OSs
- Accountability Management: auditing and tracing of disclosures by the TAA (used as evidence)
- User Involvement: policy authoring, notification, authorization
8
Multi-Party Scenario
Diagram labels (parties): User; Enterprise; Multiparty Transaction / Interaction; Policies; Data Services; Tracing and Auditing Authorities (TAAs)
Diagram labels (message flow, with the step numbers shown on the slide): Negotiation of Privacy Policy (1); Obfuscated Data + Sticky Privacy Policies (2); Request for Disclosure of Data + Sticky Privacy Policies, Credentials (3); Checking for Integrity and Trustworthiness of Remote Environment (4); Request for Authorization or Notification (5); Decryption Key (if Authorised) (6); Tracing and Auditing Authorities (TAAs) (7); Obfuscated Data + Sticky Privacy Policies (8)
9
Privacy Model -- Summary
User Centric: specifies policies; binds them with their profile
TAA – aids user: manages and records release of data; transparency aids accountability; validates and records enforcement mechanism
Enterprise: makes audited promises concerning personal data; allows validation and assessment of enforcement mechanism; can still abuse privacy
11
Realisation Issues
- Strong Binding of Policy and Data
- Enforcement
- Verifiability
Diagram labels: User; Enterprise; User DB; P; Transaction; Tracing and Audit Authority; User Involvement; Policy Compliance; Evidence; IBE
Speaker notes: Let's go back to the TCG Tagged OS.
12
What is Identifier-based Encryption (IBE)?
Diagram labels: User; Enterprise; TAA – Enforces Policy; Profile; Privacy Policy; Choose e; Encrypt; Encrypted Msg; Decrypt; Msg; Get decrypt key, e; Enterprise must satisfy Policy; Public details; Compute public details; Secrets s; Generate Decryption Key; Audit
- It is an emerging cryptography technology based on a three-player model: Sender, Receiver, Trust Authority (Trusted Third Party)
- Same strength as RSA
- Different approaches: Quadratic Residuosity, Weil Pairing, Tate Pairing ...
- Software library and technology available at HP Laboratories
- 1st Property: any kind of "string" (or sequence of bytes) can be used as an IBE Encryption Key: for example a Role, an Address, a Picture, a Disclosure Time, Terms and Conditions, a Privacy Policy ...
- 2nd Property: the generation of IBE Decryption Keys can be postponed in time, even a long time after the generation of the corresponding IBE Encryption Key
- 3rd Property: reliance on at least one Trust Authority (Trusted Third Party) for the generation of the IBE Decryption Key
13
Trusted Platforms -- TCG
Diagram labels: Server; Root of Trust; Apps; OS; BIOS; User; ID Issuer; Query Status; Measures Boot, OS and App loading
14
Tagged Operating Systems
Diagram labels: Tagged OS; Data; Tagged Data followed through memory; Tagged Kernel Function; PEP; Policy: internal – allow, external – encrypt with policy; Policy Tag; Operation (Destination)
15
Server Control Flow
Diagram labels: Enterprise; TAA; Keys; IBE Encrypt Key = PPolicy; Apps; Tagged OS; BIOS; Request for IBE decryption Key; Context, Id, Purpose; Dataflow Policies; Check Policy ID; User; Check Machine Status; Record Request
16
Sticky Privacy Policies
Example of high-level Sticky Policy (XML format; the listing itself is not reproduced here), with sections: Reference to TA(s); Constraints/Obligations; Platform/OS Constraint; Actions (User Involvement)
- IBE encryption keys can define any kind of privacy constraints or terms and conditions to be deployed and enforced at different levels of abstraction (application/service, OS, platform)
17
High-level System Architecture
- Based on the IBE Model
- Privacy Policies are represented as "IBE Encryption Keys"
- Confidential data is encrypted with IBE encryption keys
- IBE encryption keys "stick" with the encrypted data (at least till the first de-obfuscation of the data ...)
- The "Tracing and Auditing Authority" is an (IBE based) Trust Authority
- Leveraging Trusted Platforms and Tagged OS for enforcing aspects of Privacy Policies (Work in Progress ...)
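The IBE slide, the Sticky Privacy Policies slide and the Server Control Flow slide describe the mechanism in words. The Python below is an added example, not code from the paper or from HP Labs' IBE library: it implements the pieces end to end with Cocks' quadratic-residuosity IBE (one of the approaches the IBE slide lists) on deliberately toy parameters. The sticky policy string is the encryption key; the TAA holds the master secret and derives the decryption key only after checking machine status against a known-good list and the requester's declared context against the policy, and it records every request as audit evidence whether or not the key is released. The `key=value;...` policy syntax, the TAA class, the measurement strings, the sample profile and the PEP helper are assumptions made for this example, not the paper's formats.

```python
"""Sticky privacy policies with Cocks' quadratic-residuosity IBE (added example, toy parameters)."""
import hashlib
import secrets

# Toy master secret of the Tracing and Auditing Authority (TAA): two Mersenne primes, both
# 3 mod 4 as Cocks' scheme needs. Certainly prime, but far too small and structured for real use.
P = 2**89 - 1
Q = 2**127 - 1
N = P * Q  # the "public details" the TAA publishes

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0: 1, -1, or 0 when gcd(a, n) > 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def policy_to_a(policy, n=N):
    """Hash the sticky policy text to an element a with (a/n) = 1. Anyone with the public
    modulus can compute this, so the policy itself acts as the IBE encryption key."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{policy}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if a and jacobi(a, n) == 1:
            return a
        counter += 1

def encrypt_bit(bit, a, n=N):
    """Cocks encryption of one bit: choose t with (t/n) = +1 for bit 1, -1 for bit 0, and send
    both t + a/t and t - a/t because the sender cannot tell whether a or -a is a square mod n."""
    want = 1 if bit else -1
    while True:
        t = secrets.randbelow(n - 2) + 2
        if jacobi(t, n) == want:
            break
    t_inv = pow(t, -1, n)
    return (t + a * t_inv) % n, (t - a * t_inv) % n

def decrypt_bit(pair, a, r, n=N):
    """With r^2 = +-a, the matching s satisfies s + 2r = (t + r)^2 / t, so its Jacobi symbol is (t/n)."""
    s = pair[0] if r * r % n == a else pair[1]
    return 1 if jacobi((s + 2 * r) % n, n) == 1 else 0

def encrypt(message, policy, n=N):
    """Obfuscate data under its sticky policy; the policy travels with the ciphertext."""
    a = policy_to_a(policy, n)
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    return {"policy": policy, "cipher": [encrypt_bit(b, a, n) for b in bits]}

def decrypt(blob, r, n=N):
    """Recover the data with the decryption key r obtained from the TAA."""
    a = policy_to_a(blob["policy"], n)
    bits = [decrypt_bit(pair, a, r, n) for pair in blob["cipher"]]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

class TracingAuditAuthority:
    """Holds the master secret (p, q). A decryption key is derived only when the requesting
    platform reports a known-good measurement (the "check machine status" step) and its declared
    context meets every constraint in the policy; every request is recorded as evidence."""

    def __init__(self, p, q, known_good_measurements):
        self.p, self.q, self.n = p, q, p * q
        self.known_good = set(known_good_measurements)  # constructed attestation allow-list
        self.audit_log = []

    def extract_key(self, policy, requester, context, measurement):
        constraints = dict(item.split("=", 1) for item in policy.split(";") if item)
        attested = measurement in self.known_good
        compliant = all(context.get(k) == v for k, v in constraints.items())
        granted = attested and compliant
        self.audit_log.append({"requester": requester, "policy": policy, "context": dict(context),
                               "attested": attested, "granted": granted})
        if not granted:
            return None
        # Cocks key extraction: r with r^2 = +-a mod n, computable only from p and q.
        return pow(policy_to_a(policy, self.n), (self.n + 5 - self.p - self.q) // 8, self.n)

def pep_release(data, policy, destination):
    """Tagged-OS style enforcement point: internal destinations get the data as is; anything
    leaving the boundary is re-obfuscated under the same sticky policy."""
    return data if destination == "internal" else encrypt(data, policy)

if __name__ == "__main__":
    taa = TracingAuditAuthority(P, Q, ["pcr-good-build-1"])  # constructed measurement value
    blob = encrypt(b"Alice;card-ending-1111", "purpose=order-fulfilment;retention=30d")
    ctx = {"purpose": "order-fulfilment", "retention": "30d"}
    key = taa.extract_key(blob["policy"], "enterprise-1", ctx, "pcr-good-build-1")
    print(decrypt(blob, key), taa.audit_log[-1]["granted"])
```

Two points the code makes concrete. First, the stickiness the architecture slide promises holds exactly until the first de-obfuscation: once `decrypt` has run, only an enforcement point such as `pep_release` can re-attach the policy to data that leaves the boundary, which is the role the Tagged OS slide assigns to the kernel PEP. Second, the audit log is the accountability evidence: a denied request from a platform with an unknown measurement, or with a purpose that does not match the policy, is recorded just like a granted one. Cocks' scheme sends two modulus-sized values per plaintext bit, which is why pairing-based IBE is the practical choice; it is used here only because it runs with Python integers alone.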
19
Discussion
Diagram labels: Enterprise 1; Enterprise 2; Personal Data; Policy Engine; Sticky Privacy Policies; TCG; Tagged OS; Trusted Audit; Tracing, Audit Authority (TAA); + Enforcement via Trust Authority; + TCG Tagged OS; + Policy Engine; Enforcement by Trusted Platforms and Tagged OS (Work in Progress)
Speaker notes: So what we have is a model where users are in control and specify their policy; there is at least initial enforcement by the TAA; the TAA checks policies and hands them to enforcement mechanisms, and there could be other mechanisms; the TAA provides an audit log for users to see where their data went, for what purpose, and under what enforcement. What we really have is a number of mechanisms that become joined up to help the user control, or know, what has happened to their data.
20
Conclusion
- Presented a model for accountable management of private identity data
- User gains more control, aided by (their) third party
- Audit of legitimate requests, shared with the user
- Checks on enforcement mechanisms, linked to the TAA
- Enterprise is accountable for use and enforcement; links to policy-based enforcement