Privacy personalization rfids surveilance and encryption
1 / 42

- PowerPoint PPT Presentation

  • Updated On :

Privacy – Personalization, RFIDs, Surveilance, and Encryption. Week 6 - February 19, 21. Privacy risks from personalization. Unsolicited marketing. Desire to avoid unwanted marketing causes some people to avoid giving out personal information. My computer can “figure things out about me”.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about '' - Gideon

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Privacy personalization rfids surveilance and encryption l.jpg

Privacy – Personalization, RFIDs, Surveilance, and Encryption

Week 6 - February 19, 21

Unsolicited marketing l.jpg
Unsolicited marketing Encryption

Desire to avoid unwanted marketing causes some people to avoid giving out personal information

My computer can figure things out about me l.jpg
My computer can Encryption“figure things out about me”

The little people inside my computer might know it’s me…

… and they might tell their friends

Inaccurate inferences l.jpg
Inaccurate inferences Encryption

  • “My TiVo thinks I’m gay!”

Surprisingly accurate inferences l.jpg
Surprisingly accurate inferences Encryption

Everyone wants to be understood.

No one wants to be known.

You thought that on the internet nobody knew you were a dog l.jpg
You thought that on the Internet nobody knew you were a dog…

…but then you started getting personalized ads for your favorite brand of dog food

Price discrimination l.jpg
Price discrimination dog…

  • Concerns about being charged higher prices

  • Concerns about being treated differently

Revealing private information to other users of a computer l.jpg
Revealing private information to other users of a computer dog…

  • Revealing info to family members or co-workers

    • Gift recipient learns about gifts in advance

    • Co-workers learn about a medical condition

  • Revealing secrets that can unlock many accounts

    • Passwords, answers to secret questions, etc.

Exposing secrets to criminals l.jpg
Exposing secrets to criminals dog…

  • Stalkers, identity thieves, etc.

  • People who break into account may be able to access profile info

  • People may be able to probe recommender systems to learn profile information associated with other users

Subpoenas l.jpg
Subpoenas dog…

  • Records are often subpoenaed in patent disputes, child custody cases, civil litigation, criminal cases

Privacy invasive technologies l.jpg
Privacy invasive technologies dog…

  • Location tracking (cell phones, GPS devices that phone home, etc.)

  • RFID

  • Transit cards

  • Computer software that phones home

  • Devices that phone home

  • Video cameras (hidden cameras, cell phones)

  • Personalized ecommerce sites

  • Automobile data recorders

  • Face recognition

The global positioning system gps l.jpg
The Global Positioning System (GPS) dog…

  • Radio-navigation system operated by US DoD

  • Comprised of 24 satellites and 5 ground stations

  • Uses satellites to triangulate and calculate 3D position from 4 satellite signals

  • Receivers listen for radio beacons and triangulate their position

  • Typical accuracy in meters, cm accuracy possible

    • DoD intentionally degraded accuracy until May 2000

  • One-way system

    • Use other system to report location back

  • Does not work indoors

Radio frequency identification rfid l.jpg
Radio-frequency identification (RFID) dog…

  • Tags

    • Antenna bonded to small silicon chip encapsulated in glass or plastic (as small as grain of rice)

    • Unpowered (passive) tags and powered (active) tags

  • Readers

    • Broadcast energy to tags, causing tags to broadcast data

    • Energy from readers can also power onboard sensors or cause tag to write new data to memory

    • Read ranges currently a few centimeters up to a few meters

Source: Sixwise

Current and near term uses of rfid l.jpg
Current and near term uses of RFID dog…

  • Automobile immobilizers

  • Animal tracking

  • Building proximity cards

  • Payment systems

  • Automatic toll collection

  • Inventory management (mostly at pallet level)

    • Prevent drug counterfeiting

  • Passports

Electronic product code l.jpg
Electronic Product Code dog…

  • Standard managed by EPCglobal

  • Relatively small tags

    • Inexpensive

    • No encryption, limited security

    • Kill feature

    • Password feature

  • Designed to replace UPC bar codes

  • 96-bit+ serial number

  • Object Name Service (ONS) database operated by EPCglobal

Post sale uses l.jpg
Post-sale uses dog…

  • Read product labels to blind people

  • Sort packaging for recycling

  • Provide laundry instructions to washer, dryer, dry cleaner

  • Allow smart refrigerator to automatically generate shopping lists and warn about expired items and recalls

  • Allow smart closet to suggest outfits

  • Simplify product returns

Privacy concerns with epcs l.jpg
Privacy concerns with EPCs? dog…

  • What are the privacy risks?

  • What are possible solutions?

  • What are the limitations of these solutions?

Building proximity cards l.jpg
Building proximity cards dog…

  • Used for access control to buildings

  • Many prox cards have no security features

    • Easily clonable, even remotely

    • Can be read through someone’s pocket or from longer distances while card is being read by legitimate reader

  • Solutions involve adding crypto to cards

Rfid payment systems l.jpg
RFID payment systems dog…

  • Gas station keyfobs

  • Coming soon to the major credit cards in your wallet

    • Chase “Blink” card

    • Can be read from about 20 cm

  • Integrated into watches and cell phones

  • Main advantage is to save time

    • Don’t have to swipe machine

    • Don’t need signature

  • Crypto used to prevent cloning, but JHU researchers demonstrated how to break SpeedPass

Engineering privacy l.jpg
Engineering privacy dog…

  • Privacy by policy

  • Privacy by architecture

Black boxes l.jpg
Black Boxes dog…

  • Where are these found?

  • Question becomes who has control and access to the information?

  • What insurance uses can you foresee?

Organizing a research paper l.jpg

Research and Communication Skills dog…

Organizing a research paper

  • Decide up front what the point of your paper is and stay focused as you write

  • Once you have decided on the main point, pick a title

  • Start with an outline

  • Use multiple levels of headings (usually 2 or 3)

  • Don’t ramble!

Typical paper organization l.jpg

Research and Communication Skills dog…

Typical paper organization

  • Abstract

    • Short summary of paper

  • Introduction

    • Motivation (why this work is interesting/important, not your personal motivation)

  • Background and related work

    • Sometimes part of introduction, sometimes two sections

  • Methods

    • What you did

    • In a systems paper you may have system design and evaluation sections instead

  • Results

    • What you found out

  • Discussion

    • Also called Conclusion or Conclusions

    • May include conclusions, future work, discussion of implications,etc.

  • References

  • Appendix

    • Stuff not essential to understanding the paper, but useful, especially to those trying to reproduce your results - data tables, proofs, survey forms, etc.

These sections may be different in your papers

Road map l.jpg

Research and Communication Skills dog…

Road map

  • Papers longer than a few pages should have a “road map” so readers know where you are going

  • Road map usually comes at the end of the introduction

  • Tell them what you are going to say in the roadmap, say it, (then tell them what you said in the conclusions)

  • Examples

    • In the next section I introduce X and discuss related work. In Section 3 I describe my research methodology. In Section 4 I present results. In Section 5 I present conclusions and possible directions for future work.

    • Waldman et al, 2001: “This article presents an architecture for robust Web publishing systems. We describe nine design goals for such systems, review several existing systems, and take an in-depth look at Publius, a system that meets these design goals.”

Use topic sentences l.jpg

Research and Communication Skills dog…

Use topic sentences

  • (Almost) every paragraph should have a topic sentence

    • Usually the first sentence

    • Sometimes the last sentence

    • Topic sentence gives the main point of the paragraph

  • First paragraph of each section and subsection should give the main point of that section

  • Examples from Waldman et al, 2001

    • In this section we attempt to abstract the particular implementation details and describe the underlying components and architecture of a censorship-resistant system.

    • Anonymous publications have been used to help bring about change throughout history.

Avoid unsubstantiated claims l.jpg

Research and Communication Skills dog…

Avoid unsubstantiated claims

  • Provide evidence for every claim you make

    • Related work

    • Results of your own experiments

  • Conclusions should not come as a surprise

    • Analysis of related work, experimental results, etc. should support your conclusions

    • Conclusions should summarize, highlight, show relationships, raise questions for future work

    • Don’t introduce new ideas in discussion or conclusion section (other than ideas for related work)

    • Don’t reach conclusions not supported by the rest of your paper

Surveillance systems you should know about l.jpg
Surveillance systems you should know about dog…

  • Clipper

  • Echelon


  • TIA

  • Carnivore



Government surveillance l.jpg
Government surveillance dog…

  • Governments increasingly looking for personal records to mine in the name of fighting terrorism

  • People may be subject to investigation even if they have done nothing wrong

Risks may be magnified in future l.jpg
Risks may be magnified in future dog…

  • Wireless location tracking

  • Semantic web applications

  • Ubiquitous computing

Encryption l.jpg
Encryption dog…

  • Encryption has multiple aspects that are important

    • Stakeholders

      • More than just the endpoints, often

    • Mechanisms

      • Symmetric/Asymmetric

      • Key management systems

    • Usability

    • Impacts/implications

How encryption works simplified l.jpg
How Encryption Works (simplified) dog…

  • There are 2 types of encryption

    • Symmetric

    • Asymmetric

Cryptography basics l.jpg
Cryptography Basics dog…

  • Encryption algorithm

    • used to make content unreadable by all but the intended receivers

      E(plaintext,key) = ciphertext

      D(ciphertext,key) = plaintext

  • Symmetric (shared) key cryptography

    • A single key is used is used for E and D

      D( E(p,k1), k1 ) = p

  • Management of keys determines who has access to content

    • E.g., password encrypted email

Public key cryptography l.jpg
Public Key Cryptography dog…

  • Public Key cryptography

    • Each key pair consists of a public and private component: k+ (public key), k- (private key)

      D( E(p, k+), k- ) = p

      D( E(p, k-), k+ ) = p

  • Public keys are distributed (typically) through public key certificates

    • Anyone can communicate secretly with you if they have your certificate

    • E.g., SSL-base web commerce

Public key cryptography37 l.jpg
Public Key Cryptography dog…

Public Domain Images

Public key encryption l.jpg
Public Key Encryption dog…

  • Public/Private key combinations can also be used for signing documents

    • Proof of originator

    • Non-repudiation

  • Signing involves using the private key to create the modified message, which anyone read (is NOT secret), but the public key will verify the originator

Signing l.jpg
Signing dog…

Public Domain Images

Problems with encryption l.jpg
Problems with Encryption dog…

  • Usability

    • Software required

    • Complicated

  • Key management

    • Certificate authorities

    • PKI (public key infrastructure)

  • What happens when you lose a key?????

  • False sense of security

  • Policy and regulatory issues

    • “What have you got to hide?”

Homework 3 discussion l.jpg
Homework 3 discussion dog…


  • Pick one new-technology-related privacy concern that you believe to be particularly significant.

    • Explain the privacy issue and why you think it is a significant concern.

    • What might be done to mitigate the concern?

  • Pick a particular industry or type of web site and use Privacy Finder to find two P3P-enabled web sites of that type. At each site read both the human-readable privacy policy and the Privacy Finder privacy report.

    • Describe what aspects of each privacy policy you liked and what aspects you did not like (address both how well the sites protect privacy and how the privacy policies are presented).

    • Compare the experience reading the privacy policies with the experience reading the Privacy Finder privacy report.

Class debate 3 l.jpg
Class debate #3 dog…

  • The State of Pennsylvania should adopt legal restrictions on the use of web cams