Privacy Enhancing Technologies (PET)
Bobby Vellanki
Computer Science Dept., Yale University

PETs
- Intro
- Encryption Tools
- Policy Tools
- Filtering Tools
- Anonymous Tools
- Conclusion

PET
- PET: technology that enhances user control and removes personal identifiers
- Users want free privacy
- Hundreds of new technologies developed

PET
Classified into 4 categories:
- Encryption Tools (SSL)
- Policy Tools (P3P, TRUSTe)
- Filtering Tools (Cookie Cutters, Spyware)
- Anonymous Tools (Anonymizer, iPrivacy)

Encryption Tools
- Examples: SSL, PGP, Encryptionizer
- Thought of as a security tool to prevent unauthorized access to communications, files, and computers
- Users don’t see the need
- Necessary for privacy protection but not sufficient by themselves

Encryption Tools
Pros:
- Inexpensive (free)
- Easily accessible
Cons:
- Encryption software isn’t used unless it is built into the software
- Both parties need to use the same software

Encryption Tools
Conclusions:
- Easy access
- All parties need to use the same tool
- Good start but not sufficient

Policy Tools
- P3P (Platform for Privacy Preferences)
  - Developed by the World Wide Web Consortium
- TRUSTe
  - Non-profit organization which ensures websites are following their privacy policy
  - Promotes fair information practices
- BBBonline

Policy Tools (Cont.)
P3P:
- Users declare their privacy policy on their browsers
- Websites register their policy with security agencies
- The website policy is compared with the user policy and the browser makes automated decisions

Policy Tools (Cont.)
P3P (cont.):
- Might help uncover privacy gaps for websites
- Can block cookies or prevent access to some sites
- Consumer awareness
- Built into IE 6.0 and Netscape 7 as of July 2002

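The comparison step described in the P3P slides, as an added example that is not part of the original presentation: it parses the compact-policy form of a site's P3P declaration (the `CP="..."` value of the `P3P` response header) and checks it against a user preference to reach an automated cookie decision. The preference set, the three-way accept/prompt/block outcome and the sample headers are assumptions made for illustration.

```python
import re

# Subset of P3P 1.0 compact-policy tokens. Purpose and recipient tokens may
# carry a consent suffix: a = always, i = opt-in, o = opt-out (none = always).
PURPOSE = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD",
           "CON", "HIS", "TEL", "OTP"}
RECIPIENT = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}

# Hypothetical user preference (assumption): no telemarketing or contact use,
# no unrelated or public recipients, no indefinite retention.
USER_REJECTS = {"TEL", "CON", "UNR", "PUB", "IND"}

def parse_compact_policy(header_value):
    """Map each known token in a P3P header's CP="..." to its consent level."""
    match = re.search(r'CP\s*=\s*"([^"]*)"', header_value or "")
    if match is None:
        return None
    policy = {}
    for raw in match.group(1).split():
        token, suffix = raw[:3].upper(), raw[3:].lower()
        if token in PURPOSE | RECIPIENT and suffix in ("", "a", "i", "o"):
            policy[token] = suffix or "a"
        elif token in RETENTION and suffix == "":
            policy[token] = "a"
    return policy

def decide(header_value, rejects=USER_REJECTS):
    """Return (action, conflicting tokens); action is accept, prompt or block."""
    policy = parse_compact_policy(header_value)
    if policy is None:
        return ("block", [])        # nothing declared: assumed default is block
    always = sorted(t for t in rejects if policy.get(t) == "a")
    opt_out = sorted(t for t in rejects if policy.get(t) == "o")
    if always:
        return ("block", always)    # practice applies regardless of consent
    if opt_out:
        return ("prompt", opt_out)  # practice applies unless the user opts out
    return ("accept", [])           # rejected practices absent or opt-in only

# Constructed sample headers, not taken from any real site.
SAMPLES = [
    'CP="NOI DSP COR CURa ADMa OUR NOR"',
    'policyref="/w3c/p3p.xml", CP="CUR CONo OUR STP"',
    'CP="CUR TELa UNR IND"',
    "",
]
for sample in SAMPLES:
    print(repr(sample), "->", decide(sample))
```
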
Policy Tools (Cont.)
Conclusions:
- Users are unaware of privacy policies
- Not all websites have policy tools
- Need automated checks to see if websites are following their privacy policy

Filtering Tools
Some types:
- SPAM filtering
- Cookie Cutters
- Spyware killers

Filtering Tools (Cont.)
SPAM Filters:
Problems:
- Spammers use new technologies to defeat filters
- Legitimate ers send SPAM resembling

Filtering Tools (Cont.)
SPAM Filters (cont.)
Possible solution: postage scheme
Infeasible solution:
- Tough to impose worldwide
- Need homogeneous technology for all parties
- Policy responsibility is unclear (Who will police it?)

Cookie Cutters
- Programs that prevent browsers from exchanging cookies
- Can block:
  - Cookies
  - Pop-ups
  - HTTP headers that reveal sensitive info
  - Banner ads
  - Animated graphics

Cookie Cutters (cont.)
Spyware killers:
- Programs that gather info and send it to websites
- Downloaded without user knowledge

Filtering Tools (cont.)
Conclusions:
- New technologies are created every day
- Tough to distinguish SPAM
- Need for a universal organization
- People are ignorant about the use of cookies

Anonymous Tools
- Enable users to communicate anonymously
- Masks the IP address and personal info
- Some use 3rd party proxy servers
- Strips off user info and sends it to websites
- Not helpful for online transactions
- Expensive

Anonymous Tools (Cont.)
Types of Anonymizer Technologies:
- Autonomy Enhancing (Anonymizer)
- Seclusion Enhancing (iPrivacy)
- Property Managing (.NET Passport)

Anonymous Tools (Cont.)
Autonomy Enhancing Technology:
- Examples: Anonymizer, Freedom by Zero Knowledge
- No user information is stored
- User has complete control

Anonymous Tools (Cont.)
Anonymizer:
- Originally a student project from CMU
- One of the first PETs
- Not concerned with transaction security
- Provides anonymity by:
  - Routing through a proxy server
  - Software to manage security at the PC level (cookies, spyware, …)

Anonymous Tools (Cont.)
Anonymizer (Cont.)
- Can be purchased for $30-$70
- Can’t lose password
- Services:
  - Customize privacy for each site
  - Erases cookies and log files, pop-up blocker, Spyware killer, unlisted IP
  - Reports ISP service

Anonymous Tools (Cont.)
Seclusion Enhancing Technologies:
- Examples: iPrivacy, Incogno SafeZone
- Target transaction processing companies
- Trusted third party who promises not to contact the customer
- Consumer remains the decision maker

Anonymous Tools (Cont.)
Seclusion Enhancing Technologies:
- Keeps limited data (dispute resolution)
- Transaction by transaction basis
- Customers can choose to not give any data to merchants

Anonymous Tools (Cont.)
iPrivacy
- Intermediary for users and companies
- Doesn’t have the ability to look at all user data
- Cannot map transactions to user info
- Each transaction needs to have personal info filled out

Anonymous Tools (Cont.)
iPrivacy (cont.)
- Customer downloads software (client-side software for shipping and credit card companies)
- Licensed to credit card and shipping companies

Anonymous Tools (Cont.)
iPrivacy (cont.)
- Avoids replay attacks for CC companies
- Allows users to end associations with merchants

Anonymous Tools (Cont.)
iPrivacy (cont.)
Privacy Policy:
- Never sees the consumer’s name or address
- Ensures only CC and shipping companies see data
- iPrivacy works as a one-way mirror
- PII filter satisfies HIPAA requirements

Anonymous Tools (cont.)
Property Managing Technology
- Example: .NET Passport
- All user data is kept by the provider
- Consumer doesn’t directly communicate with the merchant

Anonymous Tools (cont.)
Property Managing Technology (cont.)
- Consumer’s control rights are surrendered for service
- Potential for misuse of data
- User gives agency rights to the provider (no direct contact with merchant)

Anonymous Tools (cont.)
.NET Passport
- Single login service
- Customer’s personal info is contained in the Passport profile
  - Name, , state, country, zip, gender, b-day, occupation, telephone #
- Controls and logs all transactions

Anonymous Tools (cont.)
.NET Passport
- Participating sites can provide personalized services
- Merchants only get a Unique ID
- Participants: Ebay, MSN, Expedia, NASDAQ, Ubid.com

Anonymous Tools (cont.)
.NET Passport
Privacy Policy:
- Member of TRUSTe privacy program
- Will not sell or rent data
- Some sites may require additional info
- Doesn’t monitor the privacy policies of .NET participants
- Data is stored in controlled facilities

Anonymous Tools (cont.)
.NET Passport
- Uses “industry-standard” security technologies to encrypt data
- Uses cookies (can’t use .NET if you decline)
- Microsoft has the right to store or process your data in the US or in another country
- Abides by the Safe Harbor framework (collection of data from the EU)

Anonymous Tools (cont.)
Conclusions:
- Identity is secured through proxy servers
- Give up privacy for convenience (.NET)
- Fairly cheap (some free)

Conclusion
- Trade-off: Privacy vs. Convenience
- People want free privacy
- None of these tools are good enough by themselves
- Technology that ensures the website is following its policy
- Need for a universal organization