
Privacy Management for Portable Recording Devices. J. Alex Halderman, Brent Waters, Edward W. Felten. Princeton University, Department of Computer Science.


1 Privacy Management for Portable Recording Devices. J. Alex Halderman, Brent Waters, Edward W. Felten. Princeton University, Department of Computer Science. (J. A. Halderman, 1 of 10)

2 Camera Phones: 170 million in 2004. Ubiquitous Recording. New Privacy Threats.

3 New Privacy Threats: A Breakdown of Social Norms.

4 Previous Approaches. Law/Policy: usage restrictions, local bans. Technology: signal from beacon disables recording features. Coarse-grained restrictions: based on location, not full context; decide before recording, not playback. Augment them, don’t replace them.

5 Our Approach: Privacy protection built into trusted recording devices.

6 Our Approach: Recording subjects control use. Negotiate using their devices (assume discovery method).

7 Our Approach: Encrypt recording before storing. Key share retained by privacy stakeholders. Must ask permission to decrypt. Defers privacy decision to last possible moment.

8 Our Privacy Requirements: 1. Unanimous Consent. 2. Confidentiality of Vetoes. [Figure label: Colluder]

9 Our Applications. Laptops/WiFi: protects audio recordings; manual discovery. AOL Instant Messenger: protects chat logs; discovery handled by AIM.

10 Secure XOR: Alice and Bob tell Carol $k_{Alice} \oplus k_{Bob}$ without revealing other information about $k_{Alice}$ or $k_{Bob}$ to anyone. Variation on Chaum’s “Dining Cryptographers”. [Figure: Alice with secret $k_{Alice}$, Bob with secret $k_{Bob}$, and Carol]

11 Secure XOR: A & B choose and exchange random blinding factors ($B_{Alice}$, $B_{Bob}$). A & B each XOR both blinding factors with their secret input and send the result to Carol: $k_{Alice} \oplus B_{Bob} \oplus B_{Alice}$ and $B_{Bob} \oplus B_{Alice} \oplus k_{Bob}$. Carol XORs these messages to learn $k_{Alice} \oplus k_{Bob}$: $k_{Alice} \oplus B_{Bob} \oplus B_{Alice} \oplus B_{Bob} \oplus B_{Alice} \oplus k_{Bob} = k_{Alice} \oplus k_{Bob}$. Carol does not learn $k_{Alice}$ or $k_{Bob}$.

12 Private Storage Protocol, “Create” Operation: Identify stakeholders. Need a trusted recording device for now.

13 Private Storage Protocol, “Create” Operation: Choose random keyshares ($k_1 = 0110100$, $k_2 = 1011101$). Securely tell recorder $k_1 \oplus k_2$ using Secure XOR ($k_1 \oplus k_2 = 1101001$). Encrypt using $k_1 \oplus k_2$ as key (key=1101001). Recorder discards plaintext, key. Stakeholders hold on to shares.

14 Private Storage Protocol, “Decrypt” Operation: Requestor sends request: “May we decrypt id=2100624 owners=Alice,Bob?” Records shown: id=2100624 owners=Alice,Bob $k_{Alice} = 0110100$; id=2100624 owners=Bob,Alice $k_{Bob} = 1011101$. Stakeholders apply policies. To grant, input keyshare into Secure XOR (key=1101001). To deny, give random input to XOR (1110001; key=1000101). Vetoes remain confidential. Cryptography provides strong protection.
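
Added example, not part of the original slides: the Secure XOR exchange from slides 10 and 11 and the “Create” and “Decrypt” operations from slides 13 and 14, in Python. The function names, the restriction to two stakeholders, and the assumption that Alice and Bob exchange blinding factors over a channel Carol cannot read are assumptions of this example; the encryption of the recording itself is left out.

```python
import secrets

def secure_xor(in_alice, in_bob, bits):
    """Slide 11: return (value Carol computes, the two messages Carol sees)."""
    b_alice = secrets.randbits(bits)  # Alice's blinding factor, shared with Bob only
    b_bob = secrets.randbits(bits)    # Bob's blinding factor, shared with Alice only
    # Each party XORs both blinding factors with its own secret input.
    to_carol_a = in_alice ^ b_bob ^ b_alice
    to_carol_b = b_bob ^ b_alice ^ in_bob
    # The blinding factors cancel, leaving only in_alice XOR in_bob.
    return to_carol_a ^ to_carol_b, (to_carol_a, to_carol_b)

def create(bits):
    """Slide 13: stakeholders pick random keyshares; recorder learns only the XOR."""
    k_alice, k_bob = secrets.randbits(bits), secrets.randbits(bits)
    key, _ = secure_xor(k_alice, k_bob, bits)
    # The recorder would encrypt with `key`, then discard plaintext and key.
    return key, k_alice, k_bob

def decrypt_request(k_alice, k_bob, alice_grants, bob_grants, bits):
    """Slide 14: grant = input the keyshare, deny = input a random value."""
    in_a = k_alice if alice_grants else secrets.randbits(bits)
    in_b = k_bob if bob_grants else secrets.randbits(bits)
    return secure_xor(in_a, in_b, bits)

if __name__ == "__main__":
    # Values from slides 13 and 14 (7-bit toy keys).
    k_alice, k_bob = 0b0110100, 0b1011101
    key, seen = secure_xor(k_alice, k_bob, 7)
    print(f"granted: key={key:07b}, Carol saw {seen[0]:07b} and {seen[1]:07b}")
    # One stakeholder denies by feeding the slide's random input 1110001.
    wrong, _ = secure_xor(k_alice, 0b1110001, 7)
    print(f"vetoed:  key={wrong:07b}")
    # With realistic key sizes a veto yields an unrelated key, and the
    # blinded messages do not show which stakeholder supplied the random input.
    key, ka, kb = create(128)
    got, _ = decrypt_request(ka, kb, alice_grants=True, bob_grants=False, bits=128)
    print("veto recovers key:", got == key)
```

Each message Carol receives is masked by the combined blinding factor, so a granted request and a vetoed one look the same on the wire; only the resulting key differs.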

15 Private Storage Protocol. [Architecture diagram; labels: “Create”, “Decrypt”, Data In, Recorder A, Recorder B, Agent A, Agent B, Persistent Agent A, Persistent Agent B, Location Service, Storage, Keyshare, Encrypted Recording, Policy, Player, Data Out]

16 Privacy in Practice: A Problem of Compliance. Community of like-minded people: social pressures, local policies, etc. Privacy law can provide further incentives. Convince manufacturers to build it in: regulatory pressure, customer demand.

17 Conclusions: Ubiquitous recording brings privacy threats. Technology can give control back to recording subjects. Widespread compliance among like-minded groups.

18 Privacy Management for Portable Recording Devices. J. Alex Halderman, Brent Waters, Edward W. Felten. Princeton University, Department of Computer Science.

