1 / 44

Privacy Enhancing Technologies(PET)

Privacy Enhancing Technologies(PET). Bobby Vellanki Computer Science Dept. Yale University. PETs. Intro Encryption Tools Policy Tools Filtering Tools Anonymous Tools Conclusion. PET. PET – Technology that enhances user control and removes personal identifiers Users want free Privacy

ataret
Télécharger la présentation

Privacy Enhancing Technologies(PET)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University

  2. PETs • Intro • Encryption Tools • Policy Tools • Filtering Tools • Anonymous Tools • Conclusion

  3. PET • PET – Technology that enhances user control and removes personal identifiers • Users want free Privacy • Hundreds of new technologies developed • www.Epic.org

  4. PET • Classified into 4 Categories: • Encryption Tools (SSL) • Policy Tools (P3P, TRUSTe) • Filtering Tools (Cookie Cutters, Spyware) • Anonymous Tools (Anonymizer, iPrivacy)

  5. PETs • Intro • Encryption Tools • Policy Tools • Filtering Tools • Anonymous Tools • Conclusion

  6. Encryption Tools • Examples: • SSL, PGP, Encryptionizer • Thought of as a security tool to prevent unauthorized access to communications, files, and computers. • Users don’t see the need • Necessary for privacy protection but not sufficient by themselves.

  7. Encryption Tools • Pros: • Inexpensive (free) • Easily Accessible • Cons: • Encryption Software isn’t used unless it is built-in to the software. • Both parties need to use the same software

  8. Encryption Tools Conclusions: • Easy access • All parties need to use the same tool • Good start but not sufficient enough

  9. PETs • Intro • Encryption Tools • Policy Tools • Filtering Tools • Anonymous Tools • Conclusion

  10. Policy Tools • P3P (Platform for Privacy Preferences) • Developed by World Wide Web Consortium • TRUSTe • non-profit organization which ensures websites are following their privacy policy • Promotes fair information practices • BBBonline

  11. Policy Tools(Cont.) P3P • Users declare their privacy policy on their browsers • Websites register their policy with Security agencies. • The website policy is compared with user policy and the browser makes automated decisions.

  12. Policy Tools(Cont.) P3P Cont. • Might help uncover privacy gaps for websites • Can block cookies or prevent access to some sites. • Consumer awareness • Built into IE 6.0 and Netscape 7 as of July 2002

  13. Policy Tools(Cont.) Conclusions: • Users are unaware of Privacy Policies • Not all websites have Policy tools • Need automated checks to see if websites are following their privacy policy

  14. PETs • Intro • Encryption Tools • Policy Tools • Filtering Tools • Anonymous Tools • Conclusion

  15. Filtering Tools • Some Types • SPAM filtering • Cookie Cutters • Spyware killers

  16. Filtering Tools (Cont.) SPAM Filters: • Problems: • Spammers use new technologies to defeat filters • Legitimate E-mailers send SPAM resembling E-mail

  17. Filtering Tools(Cont.) SPAM Filters (cont.) • Possible Solution: • E-Mail postage scheme • Infeasible solution • Tough to impose worldwide • Need homogenous technology for all parties • Policy responsibility is unclear (Who will police it?)

  18. Cookie Cutters • Programs that prevent browsers from exchanging cookies • Can block: • Cookies • Pop-ups • http headers that reveal sensitive info • Banner ads • Animated graphics

  19. Cookie Cutters(cont.) • Spyware killers: • Programs that gather info and send it to websites • Downloaded without user knowledge

  20. Filtering Tools (cont.) Conclusions: • New technologies are created everyday • Tough to distinguish SPAM • Need for a universal organization • People are ignorant about the use of cookies

  21. PETs • Intro • Encryption Tools • Policy Tools • Filtering Tools • Anonymous Tools • Conclusion

  22. Anonymous Tools • Enable users to communicate anonymously • Masks the IP address and personal info • Some use 3rd party proxy servers • Strips off user info and sends it to websites • Not helpful for online transactions • Expensive

  23. Anonymous Tools(Cont.) Types of Anonymizer Technologies: • Autonomy Enhancing (Anonymizer) • Seclusion Enhancing (iPrivacy) • Property Managing (.NET Passport)

  24. Anonymous Tools(Cont.) Autonomy Enhancing Technology: • Examples: • Anonymizer, Freedom by Zero Knowledge • No user Information is stored • User has complete control

  25. Anonymous Tools(cont.)

  26. Anonymous Tools (Cont.) Anonymizer: • Originally a student project from CMU • One of the first PETs • Not concerned with transaction security • Provides anonymity by: • Routing through a proxy server • Software to manage security at the PC level (cookies, spyware, …)

  27. Anonymous Tools(Cont.) Anonymizer (Cont.) • Can be purchased for $30-$70 • Can’t lose password • Services: • Customize privacy for each site • Erases cookies and log files, pop-up blocker, Spyware killer, unlisted IP • Reports • ISP service

  28. Anonymous Tools (Cont.) Seclusion Enhancing Technologies: • Examples: • iPrivacy, Incogno SafeZone • Target Transaction processing companies • Trusted third party who promises not to contact the customer • Consumer remains the decision maker

  29. Anonymous Tools (cont.)

  30. Anonymous Tools(Cont.) Seclusion Enhancing Technologies: • Keeps limited data (dispute resolution) • Transaction by transaction basis • Customers can choose to not give any data to merchants

  31. Anonymous Tools (Cont.) iPrivacy • Intermediary for users and companies • Doesn’t have the ability to look at all user data • Cannot map transactions to user info. • Each transaction needs to have personal info filled out.

  32. Anonymous Tools(Cont.) iPrivacy(cont.) • Customer Downloads software (client-side software for shipping and Credit Card companies) • Licensed to Credit Card and Shipping Companies

  33. Anonymous Tools(Cont.) iPrivacy (cont.) • Avoids replay attacks for CC companies • Allows users to end associations with merchants

  34. Anonymous Tools (Cont.) iPrivacy (cont.) Privacy Policy: • Never sees the consumer’s name or address • Ensures only CC and shipping companies see data • iPrivacy works as a one-way mirror • PII filter satisfies HIPAA requirements

  35. Anonymous Tools (cont.) Property Managing Technology • Example: • .NET Passport • All user data is kept by the provider • Consumer doesn’t directly communicate with the merchant

  36. Anonymous Tools (cont.)

  37. Anonymous Tools (cont.) Property Managing Technology (cont.) • Consumer’s control rights are surrendered for service • Potential for misuse of data • User gives agency rights to the provider(no direct contact with merchant)

  38. Anonymous Tools (cont.) .NET Passport • Single login service • Customer’s personal info is contained in the Passport profile. • Name, E-mail, state, country, zip, gender, b-day, occupation, telephone # • Controls and logs all transactions

  39. Anonymous Tools (cont.) .NET Passport • Participating sites can provide personalized services • Merchants only get a Unique ID. Participants: • Ebay, MSN, Expedia, NASDAQ, Ubid.com

  40. Anonymous Tools (cont.) .NET Passport Privacy Policy: • member of TRUSTe privacy program • Will not sell or rent data • Some sites may require additional info • Doesn’t monitor the privacy policies of .NET participants • Data is stored in controlled facilities

  41. Anonymous Tools(cont.) .NET Passport • Uses “industry-standard” security technologies to encrypt data • Uses cookies (Can’t use .NET if you decline) • Microsoft has the right to store or process your data in the US or in another country. • Abides by the Safe Harbor framework (collection of data from the EU)

  42. Anonymous Tools (cont.) Conclusions: • identity is secured through proxy servers • Give up privacy for convenience (.NET) • Fairly cheap (some free)

  43. PETs • Intro • Encryption Tools • Policy Tools • Filtering Tools • Anonymous Tools • Conclusion

  44. Conclusion • Trade-off: Privacy vs. Convenience • People want free privacy • None of these tools are good enough by themselves • Technology that ensures the website is following its policy • Need for an universal organization

More Related