Annual Workshop, February 5th, 2014. A Formal Approach to Analyze Privacy in Electronic Services. MSEC, Koen Decroix. Outline: Introducing Privacy in Loyalty Services; Conceptual model of inShopnito; Framework for Formal Reasoning on Privacy; Privacy Analysis of inShopnito; Conclusions.

Annual Workshop

February 5th, 2014


A Formal Approach to Analyze Privacy in Electronic Services

MSEC

Koen Decroix

[Koen Decroix – MSEC - KU Leuven]


Outline

  • Introducing Privacy in Loyalty Services

  • Conceptual model of inShopnito

  • Framework for Formal Reasoning on Privacy

  • Privacy Analysis of inShopnito

  • Conclusions


Introducing Privacy in Loyalty Systems


Ever wondered what companies know about you?


… Max Schrems, an Austrian student, did!

Now he sues Facebook for their data practices on the personal data they collected about him.


Once, there were small local family-run stores binding customers with …


… with the years, they were replaced by big chains also binding customers …


For the convenience of their customers, loyalty services evolved to electronic services integrated with other online (third-party) services. Is this the full story?

Share your shopping activities with friends on Facebook

Authenticate


Not transparent to users

When registering for such services, you agreed to their terms and policies and gave them your consent for collecting, processing, and forwarding your personal data.


Your past online activities leave non-erasable, possibly harmful, traces behind and might get spread around.


Citizens must be protected against these data practices.

This is where the European data protection legislation comes into play.


… designers have to consider multiple types of requirements

Complex


Need for formal modeling, as a support during design of composite services.


Privacy analysis is based on user profiles built from the formal models. Its feedback must be useful for system designers and users as well.


Conceptual Model of inShopnito


Collecting loyalty points at first glance.


… but looking into more detail …

From specifications of service providers’ data practices (= service policies), we can derive that …


Conceptual model of inShopnito


Framework for Formal Reasoning on Privacy


[Figure: overview of the framework. Diagram labels: System Independent Model, Vocabulary (Concepts), Theory, Behavior, Inference Rules, User Model, System Model, Trust Perception, Organizations, Services, Logic Component, Conclusions, Initial State, Service Policies, Input Model, Credentials, Profiles, Storage, Access Control, Identifiability Model, Distribution, Output, Pseudonyms, Identities]


Privacy Analysis of inShopnito


Privacy Analysis - Feedback

Linkabilities, Collaborations, Attributes & Violations


inShopnito modeled for two user types

Advertisers are not trusted

  • Trusts

    • Grocery Store

    • Loyalty Program Provider

    • inShopnito

No trust in organizations

Loyalty credential: Idemix. What if X509 is used?


Linkabilities in inShopnito


Detect Violations in inShopnito

Advertisers are not allowed to have the customer’s:

  • Name

  • Address

  • eMail address

Violations of rules 1, 2, 3 are found only when an X509 certificate is used in case of the user model
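
The following added example (not taken from the presentation or from the author's framework) sketches why the credential type matters for this check: an X509 certificate is the same identifier at issuance and at every use, while Idemix issuance and show are unlinkable. The data flows, the rule that untrusted organizations share their records with the advertiser, and all function names are assumptions made for illustration.

```python
from itertools import count

FORBIDDEN = {"name", "address", "email"}  # rules 1-3: advertisers may not hold these
TRUSTING = {"Grocery Store", "Loyalty Program Provider", "inShopnito"}
_nym = count(1)

def identifiers(credential):
    """Return (issuance_id, show_id) as the organizations see them."""
    if credential == "x509":
        return "cert:u1", "cert:u1"  # the same certificate is visible at every use
    # Idemix: issuance and show are unlinkable, modeled here as fresh pseudonyms
    return f"nym:{next(_nym)}", f"nym:{next(_nym)}"

def build_profiles(credential):
    """Constructed data flows (assumed): (holder, identifiers, attributes)."""
    issue_id, show_id = identifiers(credential)
    return [
        ("Loyalty Program Provider", {issue_id}, {"name", "address", "email"}),
        ("Grocery Store", {show_id}, {"purchases"}),
        ("Advertiser", {show_id}, {"purchases"}),  # record forwarded by the store
    ]

def advertiser_view(profiles, trusted):
    """Attributes the advertiser can attach to one customer.

    Assumption: every organization the user does not trust shares its
    records with the advertiser; records join on a common identifier.
    """
    sharing = {h for h, _, _ in profiles if h not in trusted} | {"Advertiser"}
    ids = set().union(*(i for h, i, _ in profiles if h == "Advertiser"))
    attrs, changed = set(), True
    while changed:  # fixed point: keep joining records that share an identifier
        changed = False
        for holder, p_ids, p_attrs in profiles:
            if holder in sharing and p_ids & ids:
                if not (p_ids <= ids and p_attrs <= attrs):
                    ids |= p_ids
                    attrs |= p_attrs
                    changed = True
    return attrs

def violations(credential, trusted):
    """Forbidden attributes that end up in the advertiser's profile."""
    return sorted(advertiser_view(build_profiles(credential), trusted) & FORBIDDEN)

if __name__ == "__main__":
    for cred in ("idemix", "x509"):
        for label, trusted in (("trusting user", TRUSTING), ("no trust", set())):
            print(cred, label, violations(cred, trusted))
```

In this constructed model, the only combination that reports violations is X509 with the user who trusts no organization; the Idemix runs leave the advertiser with purchase data only.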


Conclusions


  • It is a formal approach to analyze privacy → power to prove properties

  • Approach is useful during service design

    • privacy by design is one of the principles in EU reform of data protection legislation.

    • analyzing linkabilities, collaborations, attributes in user profiles.

    • verify compliance with legislative and corporate level rules (detecting violations).

  • Approach is useful for education of people

    • EU reform of data protection → authorities get the task to educate people. E.g., model a user that participates in a survey about Facebook. Afterwards, perform a privacy analysis based on his assumptions and present him the difference between what he thinks and what can happen.


Questions

