
Empowering Personal Data Management with Secure Hardware

Explore the challenges and solutions for managing personal data with secure hardware, and learn how to regain control over your data. Discover the benefits of using secure tokens and software for data storage, privacy control, and security guarantees.


Presentation Transcript


  1. Empowering Personal Data Management with Secure Hardware
     Benjamin Nguyen et al., INSA Centre Val de Loire / LIFO & INRIA SMIS project
     Dagstuhl Seminar "Data, Responsibly", July 19th 2016

  2. Mass-generation of (personal) data
     Where is your personal data? … Probably in data centers
     • 112 new emails per day → Mail servers
     • 65 SMS sent per day → Telcos
     • 800 pages of social data → OSN
     • Daily basis interaction data → Search engines, Telco, Geolocation data, transport cards, loyalty cards, quantified self ...
     Is this a problem? WHY? What can we do about it? Everything is free…

  3. Why? Because personal data is the new oil. Is this good news?
     • $2 billion a year spent by US companies on third-party data about individuals (Forrester Report)
     • $4.25 is the estimated return on $1 invested in targeted ad marketing (oil is up to 0.5$/yr)
     REF: http://royal.pingdom.com/2012/01/17/internet-2011-in-numbers/
     Each year, companies in the U.S. spend more than $2 billion on third-party consumer data, according to Forrester Research.
     Personal Data: The "New Oil" of the 21st Century, World Economic Forum, 2011, http://www.weforum.org/sessions/summary/personal-data-new-oil-21st-century
     REF: [report on personal identity management from Forrester Research]
     REF: [report on digital taxation, http://www.redressement-productif.gouv.fr/files/rapport-fiscalite-du-numerique_2013.pdf]
     TODO: revenues of Exxon Mobil/BP vs revenues of Google/Facebook?
     TODO: EU vs US war => privacy as an EU argument to counter US dominance?

  4. Personal data is the new oil … or bad news?
     How would oil companies behave?
     • They would offer to exploit your oil field for free
     • They would offer free services to you
       … which would cost them only a few cents (e.g. HW/SW to manage emails)
     • and would provide services which may not be to you (and not advertised)
       … which would yield healthy returns (e.g. advertisement and profiling, location tracking and spying, …)
     In other words: your personal data would be processed by sophisticated data refineries… REGARDLESS OF YOUR PRIVACY!

  5. Is this a problem? Yes, due to how our data is managed?
     Current Web model
     • Delegation → privacy and control issue
     • Huge data stores → security issue
     • Consensus → more user control
     Personal Web: return to citizens
     • Quantified-self
     • Controlled data exposure
     • Crowd participation to global computations
     [Figure labels: Targeted ads, Profiling, Photos, Social, Buying, Mail, Bank, Sensors, Location, Quantified self, Controlled data exposure, Global computing]

  6. What can we do about this? Return control (of data) to users
     • On personal computers? Administration by dummies, security
     • On a cloud service? May worsen the privacy problem
     The Personal Cloud Paradox: The complexity of returning control to the user means the user has to delegate administration
     PlugDB (https://project.inria.fr/plugdb/en/): an open, physically secure personal Web device (Secure Token) and software which…
     • is auto-administered
     • interfaces with user devices
     • stores, indexes, queries, recovers data
     …and offers strong privacy (control) and security guarantees
     50MHz, ~100KB RAM, (unlimited) Flash storage, 10 to 250€
     [Figure labels: SD card (data), Smartcard (secrets), MCU (data management), Bluetooth, Fingerprint reader, USB]

  7. Challenges: Security and Empowerment when computing on the Asymmetric Architecture
     [Figure labels: ASYMMETRIC; LOW POWER / AVAILABILITY, HIGH TRUST; HIGH POWER & AVAILABILITY, LOW / NO TRUST; Export Data; Secure Computation; Durability; Encrypted Private Data Generated (e.g. sensor)]
     • Embedded data management: build a DBMS on a token
     • (Efficient) Global querying … and other computations
     • Heterogeneous / semantic data management
     • Access and Usage Control
     • Data export management
     • Usability and adoptability
     • ...

  8. A few references
     • Cuong-Quoc To et al., Private and Scalable Execution of SQL Aggregates on a Secure Decentralized Architecture, in TODS, to appear, 2016.
     • Nicolas Anciaux et al., A Scalable Search Engine for Mass Storage Smart Objects. VLDB 2015
     • Tristan Allard et al., MetaP: Revisiting Privacy-Preserving Data Publishing using Secure Devices, in DAPD, 32(2): 191-244, 2014
     • Nicolas Anciaux et al., MILo-DB: a personal, secure and portable database machine, in DAPD 32(1): 37-63 (2014)
     • Nicolas Anciaux et al., Trusted Cells: A Sea Change for Personal Data Services, CIDR, 2013
     • Matias Bjørling et al., The Necessary Death of the Block Device Interface. CIDR 2013
     • Nicolas Anciaux et al., MinExp-card: limiting data collection using a smart card. EDBT 2013
     • Tristan Allard et al., Secure Personal Data Servers: a Vision Paper, VLDB, 2010
     Demos
     • Saliha Lallali et al., A Secure Search Engine for the Personal Cloud. SIGMOD (demo) 2015
     • Quoc-Cuong To et al., SQL/AA: Executing SQL on an Asymmetric Architecture, VLDB (demo) 2014
     • Niv Dayan et al., EagleTree: Exploring the Design Space of SSD-Based Algorithms. VLDB (demo) 2013
