Presentation is loading. Please wait.

Presentation is loading. Please wait.

Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi.

Published byDaniel O’Brien’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi."— Presentation transcript:

1 Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi

2 Introduction Wide spread of network environments e.g. cellular phone, wireless communication devices, refrigerator, television, etc... Hot Sport services at airports, shops Ubiquitous computing environment

3 What can we do ? photo print book sales tourism info creditcard for the payment How is it used ? situations

4 Related works Symmetric-key, public-key, zero-knowledge algorithms, etc Digital signature, public-key infrastructure, etc The Platform for Private Preference defines a standard format to express privacy policy User agent can automate decision-making based on it Enterprise Privacy Authorization Language compels employees within the organization to keep privacy policy To provide rights of information access based on trustworthiness How do we compute trustworthiness? Does not make sure to prevent illegal information use

5 A way of information check user private information service provider result input check program

6 Ways of information check user check prg private information service provider (c) check by a user input user check prg private information service provider (a) check by a service provider release user check prg private information service provider (b) prepare trusted third parties release trusted third party user check prg private information service provider (d) check by a trusted program trusted prg check prg convert trusted prg release

7 Public, private zone model We proposed public and private zone model which aims to realize user can protect own information by himself User and service providers are defined as agent Public zone: is a space for dynamic service use and for executing trusted program Private zone: is a space for protecting private information Security barrier: is defined between public and private zone

8 The overview of our model public policies privacy policies security barrier To other agents get public policy From other agents public zone register private zone client program interaction access check Private Services Private Services service program Private Services Private Services privacy information client program + attributes Agent

9 public policy Public zone realizes dynamic service use Service = client program + service program Client program: is executed by users Service program: is executed by the service provider Public policy = client program + attributes user public zone service provider service program client program pair 1. get 3. communicate security barrier client program + attributes 2. execute

10 Private zone Privacy policy permission: purpose the user allows to use it trusted_prg: methods the user allows to use it user client program security barrier private zone private information privacy policy send private info usage: purpose of use process: methods to use permission ? trusted_prg ? trusted program created from process and trusted_prg public zone service provider trusted program send use through trusted program

11 Issues How to create trusted programs ? How to protect trusted programs ? How to confirm the behaviour of trusted program ? How to protect service providers from trusted programs ?

12 A way to create a trusted program Our model protects private information by the trusted program which we prepare How to create trusted programs ? To prepare the pattern which private information uses Service provider shows a process of private information use User extracts places where uses private information from the process User replace the place to his prepared pattern payment (id, password){ String p = getPass (id); if (password == p){ assign the right of service use } payment (id, hashed-password){ String p = getPass (id); if (hashed-password == hash (p)){ give the right of service use }

13 Protection of the trusted program A trusted program are executed by service provider The service provider can rewrite it easy Necessary to prevent illegal program rewriting Anti-tampering devices Software obfuscation, mobile cryptography anti-tampering device ks trusted-prg encrypted-prg kp encrypted-prg trusted-prg kp service provider user execute result

14 Confirmation of trusted program The service provider checks private information by a trusted program The trusted program actually checks it? Protection of service provider There is some possibility of acting as malware Necessary to restrict trusted program behaviours

15 Conclusion We proposed the basic model for private information protection Our model protects private information by user ’ s trusted program User can protect private information by own responsibility But some issues are remained Difficult to solve these issues But, these are interesting challenges

16 Thank you for your attention

Download ppt "Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi."

Similar presentations

Innovation Towards a next generation secure internet Private Application Ecosystems Sanjay Deshpande CEO and Chief Innovation Officer Center.

Innovation Towards a next generation secure internet Private Application Ecosystems Sanjay Deshpande CEO and Chief Innovation Officer Center.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
1 fairCASH: Concepts and Framework Yen Choon Ching Institute of Computer Science, University of Kiel, Germany Ver 3.1 15 Sept 2008.

1 fairCASH: Concepts and Framework Yen Choon Ching Institute of Computer Science, University of Kiel, Germany Ver Sept 2008.
Secure Communication Architectures.

Secure Communication Architectures.
Gefördert durch das Kompetenzzentrenprogramm DI Alfred Wertner 19. September 2014 Ubiquitous Personal Computing © Know-Center 2014 www.know-center.at Security.

Gefördert durch das Kompetenzzentrenprogramm DI Alfred Wertner 19. September 2014 Ubiquitous Personal Computing © Know-Center Security.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.

Similar presentations

Ads by Google