Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.

Published byEmiliano Freeney Modified over 9 years ago

Similar presentations

Presentation on theme: "Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007."— Presentation transcript:

1 Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007

2 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice2 About this presentation The intention is to show the security-related implications of using standard internet technology Not-specific to learning scenarios User awareness and control are crucial when considering network- or social-based interactions Encourage discussion

3 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice3 Outline Did you know …? What it is? Learning Network Interaction Some Research Directions Conclusions

4 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice4 Did you know …? that every time you use your browser your privacy is compromised? that information apparently not sensitive may attempt your privacy? that a security failure on any system may have strong consequences for you?

5 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice5 Did you know …? Using Search Engines Each search query is only some keywords You may believe they are harmless What if you link them?

6 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice6 Did you know … ? The AOL scandal AOL released in 2006 data about 3 months of use 20 million web queries from 650,000 AOL users AOL username was changed to an ID number Users search for their own name, those from relatives or friends, addresses, social security numbers (SSN), etc. What if you link own name + porn query  embarrassment name + “buy ecstasy”  evidence of crime name + address + SSN  identity theft waiting to happen address + “how to kill your wife”  possible future crime http://www.techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user- search-data/

7 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice7 Did you know … ? Google Toolbar or Personalized Search Several queries are normally linked only if they are within the same session or same IP Google Toolbar and Personalized Search Collects information about your internet surfing behavior Have your bookmarks Have your interests Know what you buy Etc.

8 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice8 Did you know … ? Information Linkage SSNNameEthnDOBSexZIPProblem ………………… ……White09.16.61F94142Obesity ………………… NameAddressCityZIPDOBSexParty… …………………… Sue Carlson900 Market St.San Fran.9414209.16.61FDemocrat… …………………… Voter List Medical Data released as Anonymous

9 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice9 Did you know … ? Is your disclosed information safe? It may be stolen online because of security failures Human intervention is an extra risk in the loop Complete security does not exist !!! http://www.usatoday.com/tech/news/computersecurity/2003-03-06-texas-hack_x.htm http://www.foxnews.com/story/0,2933,196492,00.html

10 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice10 What is it? Security, Trust and Privacy Security: if you already know an entity, how do you decide what she is or is not allowed to do? Trust: if you do not know an entity, how do you decide whether to continue with the interaction or not? Privacy: if you are requested data, how do you decide what, to when and to whom you disclose it? How do you ensure it is not further redistributed afterwards?

11 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice11 Learning Network Interaction A possible scenario

12 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice12 Some Research Directions Two main approaches Soft/Social: based on previous behavior or experience, either direct or inferred e-bay, Amazon, etc. Hard/Verifiable: based on the disclosure of credentials or certificates SSN, credit card, etc.

13 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice13 Some Research Directions Social Approach – Trust Propagation trust – 0.6 0.2 ??

14 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice14 Some Research Directions Policies Policy: statement specifying the behavior of a system Some examples: Credit card required for a book purchase Discount to students My pictures can be access by my friends Typically, only the server specifies the policies Take-it-or-leave-it fashion

15 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice15 Some Research Directions Trust Negotiation Step 1: Alice requests a service from Bob Step 5: Alice discloses her VISA card credential Step 4: Bob discloses his BBB credential Step 6: Bob grants access to the service Service BobAlice Step 2: Bob discloses his policy for the serviceStep 3: Alice discloses her policy for VISA

16 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice16 Conclusions Be aware of the implications of your computer usage Malicious entities are always watching Key issue: user awareness and control

17 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice17 Conclusions User Awareness and Control (I) Most security/privacy violations caused by Lack of awareness  Users ignore security threats and vulnerabilities  Users ignore the policies applied by the systems they use Lack of control  Users don't know how to personalize their policies A social problem  Everybody's machine is on the internet  Millions of computers can be exploited for attacks  By taking advantage of the users' lack of technical competence

18 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice18 Conclusions User Awareness and Control (&II) A recent experiment: Several computers connected to the network  Different platforms and configurations With default policies: intrusion in <5 min.  Bias towards functionality With personalized policies: safe for 2 weeks  Till the end of the experiment Avantgarde. http://www.avantgarde.com/xxxxttln.pdf

19 Daniel Olmedilla May. 10th, 2007Learning Networks in Practice19 Questions? olmedilla@L3S.de - http://www.L3S.de/~olmedilla/ Thanks!

Download ppt "Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007."

Similar presentations

Breaking Trust On The Internet

Breaking Trust On The Internet
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.

Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
Realizing Interoperability of E-Learning Repositories Daniel Olmedilla L3S Research Center / Hannover University Universidad Autónoma de Madrid - PhD Defense.

Realizing Interoperability of E-Learning Repositories Daniel Olmedilla L3S Research Center / Hannover University Universidad Autónoma de Madrid - PhD Defense.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Search Engines and Social Networks October.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Search Engines and Social Networks October.
1 Pertemuan 6 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 6 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke L3S Research.

Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke L3S Research.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Search Engines.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Search Engines.
UNIFORM RESOURCE LOCATOR (URL)

UNIFORM RESOURCE LOCATOR (URL)
Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.

Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.
How To Protect Your Privacy and Avoid Identity Theft Online.

How To Protect Your Privacy and Avoid Identity Theft Online.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
How It Applies In A Virtual World

How It Applies In A Virtual World
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
The Study of Security and Privacy in Mobile Applications Name: Liang Wei

The Study of Security and Privacy in Mobile Applications Name: Liang Wei
Cloud Computing Cloud Security– an overview Keke Chen.

Cloud Computing Cloud Security– an overview Keke Chen.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Towards A User-Centric Identity-Usage Monitoring System - ICIMP 2008 - Daisuke Mashima and Mustaque Ahamad College of Computing Georgia Institute of Technology.

Towards A User-Centric Identity-Usage Monitoring System - ICIMP Daisuke Mashima and Mustaque Ahamad College of Computing Georgia Institute of Technology.
PHISHING AND SPAM EMAIL INTRODUCTION There’s a good chance that in the past week you have received at least one email that pretends to be from your bank,

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,

Similar presentations

Ads by Google