Bài giảng Computer Security - 3. Privacy Enhancing Technologies (PET)

3. Privacy Enhancing Technologies (PET)Bobby VellankiComputer Science Dept.Yale UniversityOct . 20031PETPET = Privacy Enhancing Technology – technology that enhances user control and removes personal identifiers Users want free PrivacyHundreds of new technologies developedCf. Electronic Privacy Info Center - www.Epic.org4 categories of PETs:Encryption Tools (e.g., SSL) Policy Tools (e.g., P3P, TRUSTe)Filtering Tools (e.g., Cookie Cutters, Spyware)Anonymity Tools (e.g., Anonymizer, iPrivacy)[cf. Bobby Vellanki]2Encryption ToolsEncryption toolsExamples: SSL, PGP, EncryptionizerThought of as a security tool to prevent unauthorized access to communications, files, and computersUsers don’t see the need Necessary for privacy protection but not sufficient by themselvesPros:Inexpensive (free) / Easily accessibleCons:Encryption Software isn’t used unless it is built-in to the softwareBoth parties need to use the same softwareConclusions:Easy accessAll parties need to use the same toolGood start but not sufficient enough[cf. Bobby Vellanki]3Policy Tools (1)P3P (Platform for Privacy Preferences) Developed by World Wide Web ConsortiumUsage:Users declare their privacy policy on their browsersWebsites register their policy with Security agenciesThe website policy is compared with user policy and the browser makes automated decisionsBenefits:Might help uncover privacy gaps for websitesCan block cookies or prevent access to some sitesBuilt into IE 6.0 and Netscape 7 as of July 2002[cf. Bobby Vellanki]4Policy Tools (2) Other Policy Tools TRUSTeNon-profit organization which ensures that websites are following their privacy policyPromotes fair information practices BBBonline (Better Business Bureau)ConclusionsUsers are unaware of Privacy PoliciesNot all websites have Policy toolsNeed automated checks to see if websites are following their privacy policy[cf. Bobby Vellanki]5Filtering ToolsSome Types1) SPAM filtering2) Cookie Cutters3) Spyware killers[cf. Bobby Vellanki]61) SPAM FiltersProblems:Spammers use new technologies to defeat filtersLegitimate E-mailers send SPAM resembling E-mailPossible Solution:E-Mail postage schemeHave to pay a bit for each e-mail => too costly to spamInfeasible solutionTough to impose worldwideNeed homogenous technology for all partiesPolicy responsibility is unclear (Who will police it?)[cf. Bobby Vellanki]72) Cookie CuttersPrograms that prevent browsers from exchanging cookiesCan block:Cookie /Pop-upshttp headers that reveal sensitive infoBanner ads / Animated graphics 3) Spyware Killers:To deal with spywareSpyware programs gather info and send it to websitesDownloaded without user knowledge[cf. Bobby Vellanki]8Filtering Tools - ConclusionsNew technologies are created everydayTough to distinguish SPAMNeed for a universal organization People are ignorant about the use of cookies[cf. Bobby Vellanki]9Anonymity ToolsEnable users to communicate anonymouslyMask the IP address and personal infoSome use 3rd party proxy serversStrip off user info and forward the rest to websitesNot helpful for online transactionsExpensiveTypes of anonymity tools1) Autonomy Enhancing (Anonymizer)2) Seclusion Enhancing (iPrivacy)3) Property Managing (.NET Passport)[cf. Bobby Vellanki]101) Autonomy Enhancing Technology (1)Examples:Anonymizer, Freedom by Zero KnowledgeNo user information is stored by anybody but its “owner”User has complete controlAnonymizer:One of the first PETsNot concerned with transaction securityProvides anonymity by:Routing through a proxy serverSoftware to manage security at the “owner’s” PCErases cookies and log files, pop-up blocker, kills Spyware, unlisted IP[cf. Bobby Vellanki]111) Autonomy Enhancing Technology (2)[cf. Bobby Vellanki]12Anonymizer (Cont.)Inexpensive ($30-$70 in 2003)Can’t lose passwordServices:Customize privacy for each siteErases cookies and log files, pop-up blocker, Spyware killer, unlisted IPReportsISP service1) Autonomy Enhancing Technology (3)[cf. Bobby Vellanki]132) Seclusion Enhancing Technologies (1)Examples:iPrivacy, Incogno SafeZoneTarget Transaction processing companiesTrusted third party (TTP) who promises not to contact the customerConsumer remains the decision makerTTP keeps limited data (dispute resolution)Transaction by transaction basisCustomers can choose to not give any data to merchants [cf. Bobby Vellanki]142) Seclusion Enhancing Technologies (2)[cf. Bobby Vellanki]15iPrivacyIntermediary for users and companiesDoesn’t have the ability to look at all user dataCannot map transactions to user infoEach transaction needs to have personal info filled outCustomer downloads softwareClient-side software for shipping and Credit Card companiesLicensed to Credit Card and Shipping CompaniesAvoids replay attacks for CC companies Allows users to end associations with merchants2) Seclusion Enhancing Technologies (3)[cf. Bobby Vellanki]162) Seclusion Enhancing Technologies (4)iPrivacy – Privacy PolicyNever sees the consumer’s name or addressEnsures only CC and shipping companies see dataiPrivacy works as a one-way mirrorPII filter satisfies HIPAA requirements[cf. Bobby Vellanki]173) Property Managing Technology (1)Example:.NET PassportAll user data is kept by the “privacy provider” Like a lawyer protecting privacy of a clientConsumer doesn’t directly communicate with the merchantConsumer’s control rights are surrendered for servicePotential for misuse of dataUser gives agency rights to the providerNo direct contact with merchant[cf. Bobby Vellanki]183) Property Managing Technology (2)[cf. Bobby Vellanki]193) Property Managing Technology (3).NET Passport Single login service Customer’s personal info is contained in the Passport profile.Name, E-mail, state, country, zip, gender, b-day, occupation, telephone #Controls and logs all transactionsParticipating sites can provide personalized servicesMerchants only get a Unique IDParticipants:Ebay, MSN, Expedia, NASDAQ, Ubid.com[cf. Bobby Vellanki]203) Property Managing Technology (4)NET Passport Privacy Policy:Member of TRUSTe privacy programWill not sell or rent dataSome sites may require additional info Doesn’t monitor the privacy policies of .NET participantsData is stored in controlled facilitiesNET Passport features:Uses “industry-standard” data encryptionsUses cookiesYou can’t use .NET if you declineMicrosoft has the right to store or process your data in the US or in another countryAbides by the Safe Harbor frameworkData privacy rules agreed upon by US and the EU[cf. Bobby Vellanki]213) Property Managing Technology (5)ConclusionsIdentity is secured through proxy serversGive up privacy for convenience (in .NET)Fairly cheap (some free)[cf. Bobby Vellanki]22ConclusionsTrade-off: Privacy vs. ConveniencePeople want free privacyNone of these tools are good enough by themselvesTechnology that ensures the website is following its policyNeed for an universal organizationPrivacy Enhancing Technologies (PET) Bobby VellankiComputer Science Dept.Yale UniversityOct . 2003[cf. Bobby Vellanki]23References (for PETs)Bobby Vellanki, “Privacy Enhancing Technologies (PET),” CS457, Computer Science Dept., Yale University, Oct . 2003.24