privacy personalization rfids surveilance and encryption l.
Skip this Video
Loading SlideShow in 5 Seconds..
Privacy – Personalization, RFIDs, Surveilance, and Encryption PowerPoint Presentation
Download Presentation
Privacy – Personalization, RFIDs, Surveilance, and Encryption

Loading in 2 Seconds...

play fullscreen
1 / 42

Privacy – Personalization, RFIDs, Surveilance, and Encryption - PowerPoint PPT Presentation

  • Uploaded on

Privacy – Personalization, RFIDs, Surveilance, and Encryption. Week 6 - February 19, 21. Privacy risks from personalization. Unsolicited marketing. Desire to avoid unwanted marketing causes some people to avoid giving out personal information. My computer can “figure things out about me”.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Privacy – Personalization, RFIDs, Surveilance, and Encryption' - Gideon

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
privacy personalization rfids surveilance and encryption

Privacy – Personalization, RFIDs, Surveilance, and Encryption

Week 6 - February 19, 21

unsolicited marketing
Unsolicited marketing

Desire to avoid unwanted marketing causes some people to avoid giving out personal information

my computer can figure things out about me
My computer can “figure things out about me”

The little people inside my computer might know it’s me…

… and they might tell their friends

inaccurate inferences
Inaccurate inferences
  • “My TiVo thinks I’m gay!”
surprisingly accurate inferences
Surprisingly accurate inferences

Everyone wants to be understood.

No one wants to be known.

you thought that on the internet nobody knew you were a dog
You thought that on the Internet nobody knew you were a dog…

…but then you started getting personalized ads for your favorite brand of dog food

price discrimination
Price discrimination
  • Concerns about being charged higher prices
  • Concerns about being treated differently
revealing private information to other users of a computer
Revealing private information to other users of a computer
  • Revealing info to family members or co-workers
    • Gift recipient learns about gifts in advance
    • Co-workers learn about a medical condition
  • Revealing secrets that can unlock many accounts
    • Passwords, answers to secret questions, etc.
exposing secrets to criminals
Exposing secrets to criminals
  • Stalkers, identity thieves, etc.
  • People who break into account may be able to access profile info
  • People may be able to probe recommender systems to learn profile information associated with other users
  • Records are often subpoenaed in patent disputes, child custody cases, civil litigation, criminal cases
privacy invasive technologies
Privacy invasive technologies
  • Location tracking (cell phones, GPS devices that phone home, etc.)
  • RFID
  • Transit cards
  • Computer software that phones home
  • Devices that phone home
  • Video cameras (hidden cameras, cell phones)
  • Personalized ecommerce sites
  • Automobile data recorders
  • Face recognition
the global positioning system gps
The Global Positioning System (GPS)
  • Radio-navigation system operated by US DoD
  • Comprised of 24 satellites and 5 ground stations
  • Uses satellites to triangulate and calculate 3D position from 4 satellite signals
  • Receivers listen for radio beacons and triangulate their position
  • Typical accuracy in meters, cm accuracy possible
    • DoD intentionally degraded accuracy until May 2000
  • One-way system
    • Use other system to report location back
  • Does not work indoors
radio frequency identification rfid
Radio-frequency identification (RFID)
  • Tags
    • Antenna bonded to small silicon chip encapsulated in glass or plastic (as small as grain of rice)
    • Unpowered (passive) tags and powered (active) tags
  • Readers
    • Broadcast energy to tags, causing tags to broadcast data
    • Energy from readers can also power onboard sensors or cause tag to write new data to memory
    • Read ranges currently a few centimeters up to a few meters

Source: Sixwise

current and near term uses of rfid
Current and near term uses of RFID
  • Automobile immobilizers
  • Animal tracking
  • Building proximity cards
  • Payment systems
  • Automatic toll collection
  • Inventory management (mostly at pallet level)
    • Prevent drug counterfeiting
  • Passports
electronic product code
Electronic Product Code
  • Standard managed by EPCglobal
  • Relatively small tags
    • Inexpensive
    • No encryption, limited security
    • Kill feature
    • Password feature
  • Designed to replace UPC bar codes
  • 96-bit+ serial number
  • Object Name Service (ONS) database operated by EPCglobal
post sale uses
Post-sale uses
  • Read product labels to blind people
  • Sort packaging for recycling
  • Provide laundry instructions to washer, dryer, dry cleaner
  • Allow smart refrigerator to automatically generate shopping lists and warn about expired items and recalls
  • Allow smart closet to suggest outfits
  • Simplify product returns
privacy concerns with epcs
Privacy concerns with EPCs?
  • What are the privacy risks?
  • What are possible solutions?
  • What are the limitations of these solutions?
building proximity cards
Building proximity cards
  • Used for access control to buildings
  • Many prox cards have no security features
    • Easily clonable, even remotely
    • Can be read through someone’s pocket or from longer distances while card is being read by legitimate reader
  • Solutions involve adding crypto to cards
rfid payment systems
RFID payment systems
  • Gas station keyfobs
  • Coming soon to the major credit cards in your wallet
    • Chase “Blink” card
    • Can be read from about 20 cm
  • Integrated into watches and cell phones
  • Main advantage is to save time
    • Don’t have to swipe machine
    • Don’t need signature
  • Crypto used to prevent cloning, but JHU researchers demonstrated how to break SpeedPass
engineering privacy
Engineering privacy
  • Privacy by policy
  • Privacy by architecture
black boxes
Black Boxes
  • Where are these found?
  • Question becomes who has control and access to the information?
  • What insurance uses can you foresee?
organizing a research paper

Research and Communication Skills

Organizing a research paper
  • Decide up front what the point of your paper is and stay focused as you write
  • Once you have decided on the main point, pick a title
  • Start with an outline
  • Use multiple levels of headings (usually 2 or 3)
  • Don’t ramble!
typical paper organization

Research and Communication Skills

Typical paper organization
  • Abstract
    • Short summary of paper
  • Introduction
    • Motivation (why this work is interesting/important, not your personal motivation)
  • Background and related work
    • Sometimes part of introduction, sometimes two sections
  • Methods
    • What you did
    • In a systems paper you may have system design and evaluation sections instead
  • Results
    • What you found out
  • Discussion
    • Also called Conclusion or Conclusions
    • May include conclusions, future work, discussion of implications,etc.
  • References
  • Appendix
    • Stuff not essential to understanding the paper, but useful, especially to those trying to reproduce your results - data tables, proofs, survey forms, etc.

These sections may be different in your papers

road map

Research and Communication Skills

Road map
  • Papers longer than a few pages should have a “road map” so readers know where you are going
  • Road map usually comes at the end of the introduction
  • Tell them what you are going to say in the roadmap, say it, (then tell them what you said in the conclusions)
  • Examples
    • In the next section I introduce X and discuss related work. In Section 3 I describe my research methodology. In Section 4 I present results. In Section 5 I present conclusions and possible directions for future work.
    • Waldman et al, 2001: “This article presents an architecture for robust Web publishing systems. We describe nine design goals for such systems, review several existing systems, and take an in-depth look at Publius, a system that meets these design goals.”
use topic sentences

Research and Communication Skills

Use topic sentences
  • (Almost) every paragraph should have a topic sentence
    • Usually the first sentence
    • Sometimes the last sentence
    • Topic sentence gives the main point of the paragraph
  • First paragraph of each section and subsection should give the main point of that section
  • Examples from Waldman et al, 2001
    • In this section we attempt to abstract the particular implementation details and describe the underlying components and architecture of a censorship-resistant system.
    • Anonymous publications have been used to help bring about change throughout history.
avoid unsubstantiated claims

Research and Communication Skills

Avoid unsubstantiated claims
  • Provide evidence for every claim you make
    • Related work
    • Results of your own experiments
  • Conclusions should not come as a surprise
    • Analysis of related work, experimental results, etc. should support your conclusions
    • Conclusions should summarize, highlight, show relationships, raise questions for future work
    • Don’t introduce new ideas in discussion or conclusion section (other than ideas for related work)
    • Don’t reach conclusions not supported by the rest of your paper
surveillance systems you should know about
Surveillance systems you should know about
  • Clipper
  • Echelon
  • TIA
  • Carnivore
government surveillance
Government surveillance
  • Governments increasingly looking for personal records to mine in the name of fighting terrorism
  • People may be subject to investigation even if they have done nothing wrong
risks may be magnified in future
Risks may be magnified in future
  • Wireless location tracking
  • Semantic web applications
  • Ubiquitous computing
  • Encryption has multiple aspects that are important
    • Stakeholders
      • More than just the endpoints, often
    • Mechanisms
      • Symmetric/Asymmetric
      • Key management systems
    • Usability
    • Impacts/implications
how encryption works simplified
How Encryption Works (simplified)
  • There are 2 types of encryption
    • Symmetric
    • Asymmetric
cryptography basics
Cryptography Basics
  • Encryption algorithm
    • used to make content unreadable by all but the intended receivers

E(plaintext,key) = ciphertext

D(ciphertext,key) = plaintext

  • Symmetric (shared) key cryptography
    • A single key is used is used for E and D

D( E(p,k1), k1 ) = p

  • Management of keys determines who has access to content
    • E.g., password encrypted email
public key cryptography
Public Key Cryptography
  • Public Key cryptography
    • Each key pair consists of a public and private component: k+ (public key), k- (private key)

D( E(p, k+), k- ) = p

D( E(p, k-), k+ ) = p

  • Public keys are distributed (typically) through public key certificates
    • Anyone can communicate secretly with you if they have your certificate
    • E.g., SSL-base web commerce
public key cryptography37
Public Key Cryptography

Public Domain Images

public key encryption
Public Key Encryption
  • Public/Private key combinations can also be used for signing documents
    • Proof of originator
    • Non-repudiation
  • Signing involves using the private key to create the modified message, which anyone read (is NOT secret), but the public key will verify the originator

Public Domain Images

problems with encryption
Problems with Encryption
  • Usability
    • Software required
    • Complicated
  • Key management
    • Certificate authorities
    • PKI (public key infrastructure)
  • What happens when you lose a key?????
  • False sense of security
  • Policy and regulatory issues
    • “What have you got to hide?”
homework 3 discussion
Homework 3 discussion
  • Pick one new-technology-related privacy concern that you believe to be particularly significant.
    • Explain the privacy issue and why you think it is a significant concern.
    • What might be done to mitigate the concern?
  • Pick a particular industry or type of web site and use Privacy Finder to find two P3P-enabled web sites of that type. At each site read both the human-readable privacy policy and the Privacy Finder privacy report.
    • Describe what aspects of each privacy policy you liked and what aspects you did not like (address both how well the sites protect privacy and how the privacy policies are presented).
    • Compare the experience reading the privacy policies with the experience reading the Privacy Finder privacy report.
class debate 3
Class debate #3
  • The State of Pennsylvania should adopt legal restrictions on the use of web cams