Privacy Enhancing Technologies (PET)

Bobby Vellanki

Computer Science Dept.

Yale University



PETs

  • Intro

  • Encryption Tools

  • Policy Tools

  • Filtering Tools

  • Anonymous Tools

  • Conclusion



PET

  • PET – Technology that enhances user control and removes personal identifiers

  • Users want free Privacy

  • Hundreds of new technologies developed

  • www.Epic.org



PET

  • Classified into 4 Categories:

    • Encryption Tools (SSL)

    • Policy Tools (P3P, TRUSTe)

    • Filtering Tools (Cookie Cutters, Spyware)

    • Anonymous Tools (Anonymizer, iPrivacy)



Encryption Tools

  • Examples:

    • SSL, PGP, Encryptionizer

  • Thought of as a security tool to prevent unauthorized access to communications, files, and computers.

  • Users don’t see the need

  • Necessary for privacy protection but not sufficient by themselves.


Encryption Tools

  • Pros:

    • Inexpensive (free)

    • Easily Accessible

  • Cons:

    • Encryption Software isn’t used unless it is built into the software.

    • Both parties need to use the same software


Encryption Tools

Conclusions:

  • Easy access

  • All parties need to use the same tool

  • Good start but not sufficient



Policy Tools

  • P3P (Platform for Privacy Preferences)

    • Developed by the World Wide Web Consortium

  • TRUSTe

    • Non-profit organization that ensures websites are following their privacy policy

    • Promotes fair information practices

  • BBBOnLine


Policy Tools (Cont.)

P3P

  • Users declare their privacy policy on their browsers

  • Websites register their policy with Security agencies.

  • The website policy is compared with user policy and the browser makes automated decisions.


Policy Tools (Cont.)

P3P (Cont.)

  • Might help uncover privacy gaps for websites

  • Can block cookies or prevent access to some sites.

  • Consumer awareness

  • Built into IE 6.0 and Netscape 7 as of July 2002
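
The comparison the P3P slides describe, sketched as an added example that is not part of the original presentation: a site's P3P compact policy (the `CP="..."` value of the `P3P` response header) is parsed and checked against a user preference to reach a cookie decision. The token names are P3P compact-policy tokens; the preference rule, the three outcomes and the sample headers are assumptions constructed for illustration, not the algorithm of IE 6.0 or Netscape 7.

```python
import re

# Hypothetical user preference: cookies tied to identifying data must not be
# used for contact or telemarketing, or shared with unrelated parties or the
# public, unless the user opted in.
IDENTIFYING = {"PHY", "ONL", "GOV", "FIN"}   # P3P data-category tokens
RISKY_USES = {"TEL", "CON", "UNR", "PUB"}    # P3P purpose and recipient tokens
CONSENT = {"": "always", "a": "always", "i": "opt-in", "o": "opt-out"}

def parse_compact_policy(header_value):
    """Return {token: consent} for a P3P header value, or None if it has no CP."""
    match = re.search(r'\bCP\s*=\s*"([^"]*)"', header_value or "", re.I)
    if not match:
        return None
    policy = {}
    for raw in match.group(1).split():
        token, suffix = raw[:3].upper(), raw[3:].lower()
        if len(token) == 3 and token.isalpha() and suffix in CONSENT:
            policy[token] = CONSENT[suffix]   # malformed tokens are ignored
    return policy

def decide(header_value):
    """Return 'accept', 'session-only' or 'block' for the site's cookies."""
    policy = parse_compact_policy(header_value)
    if not policy:
        return "block"                        # no declared policy to compare
    if not policy.keys() & IDENTIFYING:
        return "accept"                       # no identifying data collected
    consents = {policy[t] for t in policy.keys() & RISKY_USES}
    if "always" in consents:
        return "block"
    if "opt-out" in consents:
        return "session-only"                 # keep the cookie for this session only
    return "accept"

# Constructed sample headers.
SAMPLES = {
    "no-pii": 'CP="NOI DSP COR NID CUR ADM DEV OUR BUS"',
    "telemarketing": 'CP="CAO DSP COR CUR ADM TELa UNRa ONL PHY STP"',
    "contact-opt-out": 'policyref="/w3c/p3p.xml", CP="CAO DSP CUR CONo OUR ONL STP"',
    "contact-opt-in": 'CP="CAO DSP CUR CONi OUR ONL STP"',
    "no-compact-policy": 'policyref="/w3c/p3p.xml"',
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, "->", decide(header))
```

The decision rests entirely on tokens the site declares about itself; nothing in this check verifies that the site behaves as declared.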


Policy Tools (Cont.)

Conclusions:

  • Users are unaware of Privacy Policies

  • Not all websites have Policy tools

  • Need automated checks to see if websites are following their privacy policy



Filtering Tools

  • Some Types

    • SPAM filtering

    • Cookie Cutters

    • Spyware killers


Filtering Tools (Cont.)

SPAM Filters:

  • Problems:

    • Spammers use new technologies to defeat filters

    • Legitimate e-mailers send e-mail that resembles SPAM


Filtering Tools (Cont.)

SPAM Filters (Cont.)

  • Possible Solution:

    • E-Mail postage scheme

  • Infeasible solution

    • Tough to impose worldwide

    • Need homogeneous technology for all parties

    • Policy responsibility is unclear (Who will police it?)


Cookie Cutters

  • Programs that prevent browsers from exchanging cookies

  • Can block:

    • Cookies

    • Pop-ups

    • HTTP headers that reveal sensitive info

    • Banner ads

    • Animated graphics


Cookie Cutters (Cont.)

  • Spyware killers:

    • Programs that gather info and send it to websites

    • Downloaded without user knowledge


Filtering Tools (Cont.)

Conclusions:

  • New technologies are created every day

  • Tough to distinguish SPAM

  • Need for a universal organization

  • People are ignorant about the use of cookies



Anonymous Tools

  • Enable users to communicate anonymously

    • Masks the IP address and personal info

  • Some use 3rd party proxy servers

    • Strips off user info and sends it to websites

  • Not helpful for online transactions

  • Expensive
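
What "strips off user info" means at the HTTP level, for both the proxy described on this slide and the cookie cutters on the earlier Filtering Tools slide, shown as an added example that is not part of the original presentation. The header blocklist, the generic User-Agent value and the sample messages are assumptions constructed for illustration.

```python
# Headers that carry user info, in requests or responses (assumed blocklist).
STRIP = {"cookie", "set-cookie", "referer", "from", "via",
         "forwarded", "x-forwarded-for"}
# Headers replaced with a generic value instead of being removed.
REPLACE = {"user-agent": b"User-Agent: Mozilla/5.0"}

def scrub(raw):
    """Return (scrubbed message, names of removed headers) for raw HTTP bytes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    out, removed = [lines[0]], []          # request or status line passes through
    dropping = False
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):      # folded continuation of the previous header
            if not dropping:
                out.append(line)
            continue
        name = line.split(b":", 1)[0].strip().lower().decode("latin-1")
        dropping = name in STRIP or name in REPLACE
        if name in REPLACE:
            out.append(REPLACE[name])
        elif dropping:
            removed.append(name)
        else:
            out.append(line)
    return b"\r\n".join(out) + sep + body, removed

# Constructed sample request, with a folded Cookie header.
SAMPLE_REQUEST = (
    b"GET /page HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: Browser/6.0 (Windows; jdoe-laptop)\r\n"
    b"Cookie: sid=abc123;\r\n"
    b"\ttrack=42\r\n"
    b"Referer: http://mail.example/inbox?user=jdoe\r\n"
    b"Accept: text/html\r\n\r\n"
)
# Constructed sample response.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nSet-Cookie: id=7\r\n"
    b"Content-Type: text/html\r\n\r\n<p>hi</p>"
)

if __name__ == "__main__":
    for message in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        cleaned, removed = scrub(message)
        print(removed)
        print(cleaned.decode("latin-1"))
```

Scrubbing covers only what the message itself volunteers; the IP address is masked separately, because the website sees the proxy's connection rather than the user's.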


Anonymous Tools (Cont.)

Types of Anonymizer Technologies:

  • Autonomy Enhancing (Anonymizer)

  • Seclusion Enhancing (iPrivacy)

  • Property Managing (.NET Passport)


Anonymous Tools (Cont.)

Autonomy Enhancing Technology:

  • Examples:

    • Anonymizer, Freedom by Zero Knowledge

  • No user Information is stored

  • User has complete control



Anonymous Tools (Cont.)

Anonymizer:

  • Originally a student project from CMU

  • One of the first PETs

  • Not concerned with transaction security

  • Provides anonymity by:

    • Routing through a proxy server

    • Software to manage security at the PC level (cookies, spyware, …)


Anonymous Tools (Cont.)

Anonymizer (Cont.)

  • Can be purchased for $30-$70

  • Can’t lose password

  • Services:

    • Customize privacy for each site

    • Erases cookies and log files, pop-up blocker, Spyware killer, unlisted IP

    • Reports

    • ISP service


Anonymous Tools (Cont.)

Seclusion Enhancing Technologies:

  • Examples:

    • iPrivacy, Incogno SafeZone

  • Target Transaction processing companies

  • Trusted third party who promises not to contact the customer

  • Consumer remains the decision maker



Anonymous Tools (Cont.)

Seclusion Enhancing Technologies:

  • Keeps limited data (dispute resolution)

  • Transaction by transaction basis

  • Customers can choose to not give any data to merchants


Anonymous Tools (Cont.)

iPrivacy

  • Intermediary for users and companies

  • Doesn’t have the ability to look at all user data

  • Cannot map transactions to user info.

  • Each transaction needs to have personal info filled out.


Anonymous Tools (Cont.)

iPrivacy (Cont.)

  • Customer Downloads software (client-side software for shipping and Credit Card companies)

  • Licensed to Credit Card and Shipping Companies


Anonymous Tools (Cont.)

iPrivacy (Cont.)

  • Avoids replay attacks for CC companies

  • Allows users to end associations with merchants


Anonymous Tools (Cont.)

iPrivacy (Cont.)

Privacy Policy:

  • Never sees the consumer’s name or address

  • Ensures only CC and shipping companies see data

  • iPrivacy works as a one-way mirror

  • PII filter satisfies HIPAA requirements


Anonymous Tools (Cont.)

Property Managing Technology

  • Example:

    • .NET Passport

  • All user data is kept by the provider

  • Consumer doesn’t directly communicate with the merchant



Anonymous Tools (Cont.)

Property Managing Technology (Cont.)

  • Consumer’s control rights are surrendered for service

  • Potential for misuse of data

  • User gives agency rights to the provider (no direct contact with merchant)


Anonymous Tools (Cont.)

.NET Passport

  • Single login service

  • Customer’s personal info is contained in the Passport profile.

    • Name, E-mail, state, country, zip, gender, b-day, occupation, telephone #

  • Controls and logs all transactions


Anonymous Tools (Cont.)

.NET Passport

  • Participating sites can provide personalized services

  • Merchants only get a Unique ID.

  • Participants:

    • eBay, MSN, Expedia, NASDAQ, Ubid.com


Anonymous Tools (Cont.)

.NET Passport

Privacy Policy:

  • Member of TRUSTe privacy program

  • Will not sell or rent data

  • Some sites may require additional info

  • Doesn’t monitor the privacy policies of .NET participants

  • Data is stored in controlled facilities


Anonymous Tools (Cont.)

.NET Passport

  • Uses “industry-standard” security technologies to encrypt data

  • Uses cookies (Can’t use .NET if you decline)

  • Microsoft has the right to store or process your data in the US or in another country.

  • Abides by the Safe Harbor framework (collection of data from the EU)


Anonymous Tools (Cont.)

Conclusions:

  • Identity is secured through proxy servers

  • Give up privacy for convenience (.NET)

  • Fairly cheap (some free)



Conclusion

  • Trade-off: Privacy vs. Convenience

  • People want free privacy

  • None of these tools are good enough by themselves

  • Technology that ensures the website is following its policy

  • Need for a universal organization

