Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 3. Privacy Enhancing Technologies (PET) Bobby Vellanki Computer Science Dept. Yale University Oct. 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 3. Privacy Enhancing Technologies (PET) Bobby Vellanki Computer Science Dept. Yale University Oct. 2003."— Presentation transcript:

1 1 3. Privacy Enhancing Technologies (PET) Bobby Vellanki Computer Science Dept. Yale University Oct. 2003

2 2 PET PET = Privacy Enhancing Technology – technology that enhances user control and removes personal identifiers Users want free Privacy Hundreds of new technologies developed Cf. Electronic Privacy Info Center - www.Epic.orgwww.Epic.org 4 categories of PETs: Encryption Tools (e.g., SSL) Policy Tools (e.g., P3P, TRUSTe) Filtering Tools (e.g., Cookie Cutters, Spyware) Anonymity Tools (e.g., Anonymizer, iPrivacy) [cf. Bobby Vellanki]

3 3 Encryption Tools Encryption tools Examples: SSL, PGP, Encryptionizer Thought of as a security tool to prevent unauthorized access to communications, files, and computers Users don’t see the need Necessary for privacy protection but not sufficient by themselves Pros: Inexpensive (free) / Easily accessible Cons: Encryption Software isn’t used unless it is built-in to the software Both parties need to use the same software Conclusions: Easy access All parties need to use the same tool Good start but not sufficient enough [cf. Bobby Vellanki]

4 4 Policy Tools (1) P3P (Platform for Privacy Preferences) Developed by World Wide Web Consortium Usage: Users declare their privacy policy on their browsers Websites register their policy with Security agencies The website policy is compared with user policy and the browser makes automated decisions Benefits: Might help uncover privacy gaps for websites Can block cookies or prevent access to some sites Built into IE 6.0 and Netscape 7 as of July 2002 [cf. Bobby Vellanki]

5 5 Policy Tools (2) Other Policy Tools TRUSTe Non-profit organization which ensures that websites are following their privacy policy Promotes fair information practices BBBonline (Better Business Bureau) Conclusions Users are unaware of Privacy Policies Not all websites have Policy tools Need automated checks to see if websites are following their privacy policy [cf. Bobby Vellanki]

6 6 Filtering Tools Some Types 1) SPAM filtering 2) Cookie Cutters 3) Spyware killers [cf. Bobby Vellanki]

7 7 1) SPAM Filters Problems: Spammers use new technologies to defeat filters Legitimate E-mailers send SPAM resembling E-mail Possible Solution: E-Mail postage scheme Have to pay a bit for each e-mail => too costly to spam Infeasible solution Tough to impose worldwide Need homogenous technology for all parties Policy responsibility is unclear (Who will police it?) [cf. Bobby Vellanki]

8 8 2) Cookie Cutters Programs that prevent browsers from exchanging cookies Can block: Cookie /Pop-ups http headers that reveal sensitive info Banner ads / Animated graphics 3) Spyware Killers: To deal with spyware Spyware programs gather info and send it to websites Downloaded without user knowledge [cf. Bobby Vellanki]

9 9 Filtering Tools - Conclusions New technologies are created everyday Tough to distinguish SPAM Need for a universal organization People are ignorant about the use of cookies [cf. Bobby Vellanki]

10 10 Anonymity Tools Enable users to communicate anonymously Mask the IP address and personal info Some use 3 rd party proxy servers Strip off user info and forward the rest to websites Not helpful for online transactions Expensive Types of anonymity tools 1) Autonomy Enhancing (Anonymizer) 2) Seclusion Enhancing (iPrivacy) 3) Property Managing (.NET Passport) [cf. Bobby Vellanki]

11 11 1) Autonomy Enhancing Technology (1) Examples: Anonymizer, Freedom by Zero Knowledge No user information is stored by anybody but its “owner” User has complete control Anonymizer: One of the first PETs Not concerned with transaction security Provides anonymity by: Routing through a proxy server Software to manage security at the “owner’s” PC Erases cookies and log files, pop-up blocker, kills Spyware, unlisted IP [cf. Bobby Vellanki]

12 12 1) Autonomy Enhancing Technology (2) [cf. Bobby Vellanki]

13 13 Anonymizer (Cont.) Inexpensive ($30-$70 in 2003) Can’t lose password Services: Customize privacy for each site Erases cookies and log files, pop-up blocker, Spyware killer, unlisted IP Reports ISP service 1) Autonomy Enhancing Technology (3) [cf. Bobby Vellanki]

14 14 2) Seclusion Enhancing Technologies (1) Examples: iPrivacy, Incogno SafeZone Target Transaction processing companies Trusted third party (TTP) who promises not to contact the customer Consumer remains the decision maker TTP keeps limited data (dispute resolution) Transaction by transaction basis Customers can choose to not give any data to merchants [cf. Bobby Vellanki]

15 15 2) Seclusion Enhancing Technologies (2) [cf. Bobby Vellanki]

16 16 iPrivacy Intermediary for users and companies Doesn’t have the ability to look at all user data Cannot map transactions to user info Each transaction needs to have personal info filled out Customer downloads software Client-side software for shipping and Credit Card companies Licensed to Credit Card and Shipping Companies Avoids replay attacks for CC companies Allows users to end associations with merchants 2) Seclusion Enhancing Technologies (3) [cf. Bobby Vellanki]

17 17 2) Seclusion Enhancing Technologies (4) iPrivacy – Privacy Policy Never sees the consumer’s name or address Ensures only CC and shipping companies see data iPrivacy works as a one-way mirror PII filter satisfies HIPAA requirements [cf. Bobby Vellanki]

18 18 3) Property Managing Technology (1) Example:.NET Passport All user data is kept by the “privacy provider” Like a lawyer protecting privacy of a client Consumer doesn’t directly communicate with the merchant Consumer’s control rights are surrendered for service Potential for misuse of data User gives agency rights to the provider No direct contact with merchant [cf. Bobby Vellanki]

19 19 3) Property Managing Technology (2) [cf. Bobby Vellanki]

20 20 3) Property Managing Technology (3). NET Passport Single login service Customer’s personal info is contained in the Passport profile. Name, E-mail, state, country, zip, gender, b-day, occupation, telephone # Controls and logs all transactions Participating sites can provide personalized services Merchants only get a Unique ID Participants: Ebay, MSN, Expedia, NASDAQ, Ubid.com [cf. Bobby Vellanki]

21 21 3) Property Managing Technology (4) NET Passport Privacy Policy: Member of TRUSTe privacy program Will not sell or rent data Some sites may require additional info Doesn’t monitor the privacy policies of.NET participants Data is stored in controlled facilities NET Passport features: Uses “industry-standard” data encryptions Uses cookies You can’t use.NET if you decline Microsoft has the right to store or process your data in the US or in another country Abides by the Safe Harbor framework Data privacy rules agreed upon by US and the EU [cf. Bobby Vellanki]

22 22 3) Property Managing Technology (5) Conclusions Identity is secured through proxy servers Give up privacy for convenience (in.NET) Fairly cheap (some free) [cf. Bobby Vellanki]

23 23 Conclusions Trade-off: Privacy vs. Convenience People want free privacy None of these tools are good enough by themselves Technology that ensures the website is following its policy Need for an universal organization Privacy Enhancing Technologies (PET) Bobby Vellanki Computer Science Dept. Yale University Oct. 2003 [cf. Bobby Vellanki]

24 24 References (for PETs) Bobby Vellanki, “Privacy Enhancing Technologies (PET),” CS457, Computer Science Dept., Yale University, Oct. 2003.

Download ppt "1 3. Privacy Enhancing Technologies (PET) Bobby Vellanki Computer Science Dept. Yale University Oct. 2003."

Similar presentations

Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)

Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Privacy Enhancing Technologies(PET)

Privacy Enhancing Technologies(PET)
Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.

Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.
PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.

PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.

CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Microsoft Passport www.passport.com Waldemar Swiercz.

Microsoft Passport Waldemar Swiercz.
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
Web-tracking and Adware Hannah Muihrienne Julie Chris.

Web-tracking and Adware Hannah Muihrienne Julie Chris.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
How It Applies In A Virtual World

How It Applies In A Virtual World
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Similar presentations

Ads by Google