privacy enhancing technologies pet
Download
Skip this Video
Download Presentation
Privacy Enhancing Technologies(PET)

Loading in 2 Seconds...

play fullscreen
1 / 44

Privacy Enhancing TechnologiesPET - PowerPoint PPT Presentation


  • 88 Views
  • Uploaded on

Privacy Enhancing Technologies(PET). Bobby Vellanki Computer Science Dept. Yale University. PETs. Intro Encryption Tools Policy Tools Filtering Tools Anonymous Tools Conclusion. PET. PET – Technology that enhances user control and removes personal identifiers Users want free Privacy

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Privacy Enhancing TechnologiesPET' - ataret


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
privacy enhancing technologies pet

Privacy Enhancing Technologies(PET)

Bobby Vellanki

Computer Science Dept.

Yale University

slide2
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion
slide3
PET
  • PET – Technology that enhances user control and removes personal identifiers
  • Users want free Privacy
  • Hundreds of new technologies developed
  • www.Epic.org
slide4
PET
  • Classified into 4 Categories:
      • Encryption Tools (SSL)
      • Policy Tools (P3P, TRUSTe)
      • Filtering Tools (Cookie Cutters, Spyware)
      • Anonymous Tools (Anonymizer, iPrivacy)
slide5
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion
encryption tools
Encryption Tools
  • Examples:
      • SSL, PGP, Encryptionizer
  • Thought of as a security tool to prevent unauthorized access to communications, files, and computers.
  • Users don’t see the need
  • Necessary for privacy protection but not sufficient by themselves.
encryption tools1
Encryption Tools
  • Pros:
      • Inexpensive (free)
      • Easily Accessible
  • Cons:
      • Encryption Software isn’t used unless it is built-in to the software.
      • Both parties need to use the same software
encryption tools2
Encryption Tools

Conclusions:

  • Easy access
  • All parties need to use the same tool
  • Good start but not sufficient enough
slide9
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion
policy tools
Policy Tools
  • P3P (Platform for Privacy Preferences)
      • Developed by World Wide Web Consortium
  • TRUSTe
      • non-profit organization which ensures websites are following their privacy policy
      • Promotes fair information practices
  • BBBonline
policy tools cont
Policy Tools(Cont.)

P3P

  • Users declare their privacy policy on their browsers
  • Websites register their policy with Security agencies.
  • The website policy is compared with user policy and the browser makes automated decisions.
policy tools cont1
Policy Tools(Cont.)

P3P Cont.

  • Might help uncover privacy gaps for websites
  • Can block cookies or prevent access to some sites.
  • Consumer awareness
  • Built into IE 6.0 and Netscape 7 as of July 2002
policy tools cont2
Policy Tools(Cont.)

Conclusions:

  • Users are unaware of Privacy Policies
  • Not all websites have Policy tools
  • Need automated checks to see if websites are following their privacy policy
slide14
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion
filtering tools
Filtering Tools
  • Some Types
      • SPAM filtering
      • Cookie Cutters
      • Spyware killers
filtering tools cont
Filtering Tools (Cont.)

SPAM Filters:

  • Problems:
      • Spammers use new technologies to defeat filters
      • Legitimate E-mailers send SPAM resembling E-mail
filtering tools cont1
Filtering Tools(Cont.)

SPAM Filters (cont.)

  • Possible Solution:
      • E-Mail postage scheme
  • Infeasible solution
      • Tough to impose worldwide
      • Need homogenous technology for all parties
      • Policy responsibility is unclear (Who will police it?)
cookie cutters
Cookie Cutters
  • Programs that prevent browsers from exchanging cookies
  • Can block:
      • Cookies
      • Pop-ups
      • http headers that reveal sensitive info
      • Banner ads
      • Animated graphics
cookie cutters cont
Cookie Cutters(cont.)
  • Spyware killers:
      • Programs that gather info and send it to websites
      • Downloaded without user knowledge
filtering tools cont2
Filtering Tools (cont.)

Conclusions:

  • New technologies are created everyday
  • Tough to distinguish SPAM
  • Need for a universal organization
  • People are ignorant about the use of cookies
slide21
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion
anonymous tools
Anonymous Tools
  • Enable users to communicate anonymously
      • Masks the IP address and personal info
  • Some use 3rd party proxy servers
      • Strips off user info and sends it to websites
  • Not helpful for online transactions
  • Expensive
anonymous tools cont
Anonymous Tools(Cont.)

Types of Anonymizer Technologies:

  • Autonomy Enhancing (Anonymizer)
  • Seclusion Enhancing (iPrivacy)
  • Property Managing (.NET Passport)
anonymous tools cont1
Anonymous Tools(Cont.)

Autonomy Enhancing Technology:

  • Examples:
      • Anonymizer, Freedom by Zero Knowledge
  • No user Information is stored
  • User has complete control
anonymous tools cont3
Anonymous Tools (Cont.)

Anonymizer:

  • Originally a student project from CMU
  • One of the first PETs
  • Not concerned with transaction security
  • Provides anonymity by:
      • Routing through a proxy server
      • Software to manage security at the PC level (cookies, spyware, …)
anonymous tools cont4
Anonymous Tools(Cont.)

Anonymizer (Cont.)

  • Can be purchased for $30-$70
  • Can’t lose password
  • Services:
      • Customize privacy for each site
      • Erases cookies and log files, pop-up blocker, Spyware killer, unlisted IP
      • Reports
      • ISP service
anonymous tools cont5
Anonymous Tools (Cont.)

Seclusion Enhancing Technologies:

  • Examples:
      • iPrivacy, Incogno SafeZone
  • Target Transaction processing companies
  • Trusted third party who promises not to contact the customer
  • Consumer remains the decision maker
anonymous tools cont7
Anonymous Tools(Cont.)

Seclusion Enhancing Technologies:

  • Keeps limited data (dispute resolution)
  • Transaction by transaction basis
  • Customers can choose to not give any data to merchants
anonymous tools cont8
Anonymous Tools (Cont.)

iPrivacy

  • Intermediary for users and companies
  • Doesn’t have the ability to look at all user data
  • Cannot map transactions to user info.
  • Each transaction needs to have personal info filled out.
anonymous tools cont9
Anonymous Tools(Cont.)

iPrivacy(cont.)

  • Customer Downloads software (client-side software for shipping and Credit Card companies)
  • Licensed to Credit Card and Shipping Companies
anonymous tools cont10
Anonymous Tools(Cont.)

iPrivacy (cont.)

  • Avoids replay attacks for CC companies
  • Allows users to end associations with merchants
anonymous tools cont11
Anonymous Tools (Cont.)

iPrivacy (cont.)

Privacy Policy:

  • Never sees the consumer’s name or address
  • Ensures only CC and shipping companies see data
  • iPrivacy works as a one-way mirror
  • PII filter satisfies HIPAA requirements
anonymous tools cont12
Anonymous Tools (cont.)

Property Managing Technology

  • Example:
    • .NET Passport
  • All user data is kept by the provider
  • Consumer doesn’t directly communicate with the merchant
anonymous tools cont14
Anonymous Tools (cont.)

Property Managing Technology (cont.)

  • Consumer’s control rights are surrendered for service
  • Potential for misuse of data
  • User gives agency rights to the provider(no direct contact with merchant)
anonymous tools cont15
Anonymous Tools (cont.)

.NET Passport

  • Single login service
  • Customer’s personal info is contained in the Passport profile.
    • Name, E-mail, state, country, zip, gender, b-day, occupation, telephone #
  • Controls and logs all transactions
anonymous tools cont16
Anonymous Tools (cont.)

.NET Passport

  • Participating sites can provide personalized services
  • Merchants only get a Unique ID.

Participants:

    • Ebay, MSN, Expedia, NASDAQ, Ubid.com
anonymous tools cont17
Anonymous Tools (cont.)

.NET Passport

Privacy Policy:

  • member of TRUSTe privacy program
  • Will not sell or rent data
  • Some sites may require additional info
  • Doesn’t monitor the privacy policies of .NET participants
  • Data is stored in controlled facilities
anonymous tools cont18
Anonymous Tools(cont.)

.NET Passport

  • Uses “industry-standard” security technologies to encrypt data
  • Uses cookies (Can’t use .NET if you decline)
  • Microsoft has the right to store or process your data in the US or in another country.
  • Abides by the Safe Harbor framework (collection of data from the EU)
anonymous tools cont19
Anonymous Tools (cont.)

Conclusions:

  • identity is secured through proxy servers
  • Give up privacy for convenience (.NET)
  • Fairly cheap (some free)
slide43
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion
conclusion
Conclusion
  • Trade-off: Privacy vs. Convenience
  • People want free privacy
  • None of these tools are good enough by themselves
  • Technology that ensures the website is following its policy
  • Need for an universal organization
ad