1 / 18

Privacy Enhancing Technology for Web

Privacy Enhancing Technology for Web. Meng Yan. Introduction. In fact, your online actions may be monitored by unauthorized parties logged and preserved for future access years later. Principles. Controlling Over Data Collection Limitation Inform Data Security Access Right.

palmer
Télécharger la présentation

Privacy Enhancing Technology for Web

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Enhancing Technology for Web Meng Yan

  2. Introduction • In fact, • your online actions may be • monitored by unauthorized parties • logged and preserved for future access years later

  3. Principles • Controlling Over Data • Collection Limitation • Inform • Data Security • Access Right

  4. Principles • Protecting Anonymity • Anonymity • Pseudonymity • Unobservability • Unlinkablity • Deniability

  5. Principles • Separating User from Unwanted Data

  6. Classification Based on Application Area: • Privacy Policy Language • Anonymity Technology • Authentication Management

  7. ClassificationPrivacy Policy Language • Application Area • Formalize privacy policies • Help surfers understand privacy policies • Help websites express privacy policies • Representative PPL • P3P • EPAL • XACML

  8. ClassificationPrivacy Policy LanguageP3P • Give a standard format of privacy policy • User agent of P3P interprets privacy policy to users • User need not to read privacy policy at every website they visit

  9. ClassificationPrivacy Policy LanguageEPAL • The first language that allows websites to express privacy policies of rule-based complexity directly in a standards-based markup language

  10. ClassificationPrivacy Policy LanguageeXtensible Access Control Markup Language (XACML) • Describe privacy policy • Describe request/response

  11. ClassificationAnonymity Technology • Application Area • Anonymous browsing and publishing • Classification (based on implementation_method) • Remove user’s information • Anonymous HTTP proxy server • Mark-up user’s information • Mix-based System • Crowd

  12. HTTP Server HTTP Proxy Server N Modified HTTP Request HTTP Proxy Server 1 HTTP Request User ClassificationAnonymity TechnologyAnonymous HTTP proxy server

  13. Server Onion Router Onion Router Onion Router Onion Router Onion Router Onion Router Exit Entry Onion Router Onion Proxy User ClassificationAnonymity TechnologyMix-based System

  14. ClassificationAuthentication Management • Application Area • Protect Identity • Authenticating Information (AI) • What user knows (password) • What user has (fingerprints, credit card number) • What user does (signature) • Classification • Two-factor authentication (relies on two AI) • Multi-factor authentication (relies on more than two AI)

  15. ComparisonP3P, EPAL, XACML

  16. ComparisonCrowd vs. mix-based system • Common Mix-based Systems • message delivery paths are fixed and messages are encrypted. • Crowd • paths are dynamically configured as a message traverses the network and each crowd member encrypts the message for the next member of the path.

  17. Conclusion P3P Privacy Policy Language (PPL) EPAL & XACML PET HTTP proxy server Anonymity Technology Mix-based system &(Crowd) Two-factor Authentication Management Multi-factor

  18. Thank you!

More Related