Presentation is loading. Please wait.

Presentation is loading. Please wait.

Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi.

Similar presentations


Presentation on theme: "Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi."— Presentation transcript:

1 Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi

2 Introduction Wide spread of network environments e.g. cellular phone, wireless communication devices, refrigerator, television, etc... Hot Sport services at airports, shops Ubiquitous computing environment

3 What can we do ? photo print book sales tourism info creditcard for the payment How is it used ? situations

4 Related works Symmetric-key, public-key, zero-knowledge algorithms, etc Digital signature, public-key infrastructure, etc The Platform for Private Preference defines a standard format to express privacy policy User agent can automate decision-making based on it Enterprise Privacy Authorization Language compels employees within the organization to keep privacy policy To provide rights of information access based on trustworthiness How do we compute trustworthiness? Does not make sure to prevent illegal information use

5 A way of information check user private information service provider result input check program

6 Ways of information check user check prg private information service provider (c) check by a user input user check prg private information service provider (a) check by a service provider release user check prg private information service provider (b) prepare trusted third parties release trusted third party user check prg private information service provider (d) check by a trusted program trusted prg check prg convert trusted prg release

7 Public, private zone model We proposed public and private zone model which aims to realize user can protect own information by himself User and service providers are defined as agent Public zone: is a space for dynamic service use and for executing trusted program Private zone: is a space for protecting private information Security barrier: is defined between public and private zone

8 The overview of our model public policies privacy policies security barrier To other agents get public policy From other agents public zone register private zone client program interaction access check Private Services Private Services service program Private Services Private Services privacy information client program + attributes Agent

9 public policy Public zone realizes dynamic service use Service = client program + service program Client program: is executed by users Service program: is executed by the service provider Public policy = client program + attributes user public zone service provider service program client program pair 1. get 3. communicate security barrier client program + attributes 2. execute

10 Private zone Privacy policy permission: purpose the user allows to use it trusted_prg: methods the user allows to use it user client program security barrier private zone private information privacy policy send private info usage: purpose of use process: methods to use permission ? trusted_prg ? trusted program created from process and trusted_prg public zone service provider trusted program send use through trusted program

11 Issues How to create trusted programs ? How to protect trusted programs ? How to confirm the behaviour of trusted program ? How to protect service providers from trusted programs ?

12 A way to create a trusted program Our model protects private information by the trusted program which we prepare How to create trusted programs ? To prepare the pattern which private information uses Service provider shows a process of private information use User extracts places where uses private information from the process User replace the place to his prepared pattern payment (id, password){ String p = getPass (id); if (password == p){ assign the right of service use } payment (id, hashed-password){ String p = getPass (id); if (hashed-password == hash (p)){ give the right of service use }

13 Protection of the trusted program A trusted program are executed by service provider The service provider can rewrite it easy Necessary to prevent illegal program rewriting Anti-tampering devices Software obfuscation, mobile cryptography anti-tampering device ks trusted-prg encrypted-prg kp encrypted-prg trusted-prg kp service provider user execute result

14 Confirmation of trusted program The service provider checks private information by a trusted program The trusted program actually checks it? Protection of service provider There is some possibility of acting as malware Necessary to restrict trusted program behaviours

15 Conclusion We proposed the basic model for private information protection Our model protects private information by user ’ s trusted program User can protect private information by own responsibility But some issues are remained Difficult to solve these issues But, these are interesting challenges

16 Thank you for your attention


Download ppt "Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi."

Similar presentations


Ads by Google