
Presentation Transcript


  1. Privacy Management for Portable Recording Devices
     J. Alex Halderman, Brent Waters, Edward W. Felten
     Princeton University, Department of Computer Science
     J. A. Halderman, 1 of 10

  2. Camera Phones
     • 170 million camera phones in 2004
     • Ubiquitous recording → new privacy threats

  3. New Privacy Threats: A Breakdown of Social Norms

  4. Previous Approaches: Coarse-Grained Restrictions
     • Law/Policy: usage restrictions, local bans
     • Technology: a signal from a beacon disables recording features
     • Limitations: based on location, not full context; decide before recording, not at playback
     • Augment them, don't replace them

  5. Our Approach: privacy protection built into trusted recording devices

  6. Our Approach
     • Recording subjects control use
     • Negotiate using their devices (assume a discovery method)

  7. Our Approach
     • Encrypt the recording before storing it
     • Must ask permission to decrypt
     • Key shares retained by privacy stakeholders
     • Defers the privacy decision to the last possible moment

  8. Our Privacy Requirements
     1. Unanimous consent
     2. Confidentiality of vetoes
     (figure label: Colluder)

  9. Our Applications
     • Laptops/WiFi: protects audio recordings; manual discovery
     • AOL Instant Messenger: protects chat logs; discovery handled by AIM

  10. Secure XOR
      • Alice holds a secret kAlice; Bob holds a secret kBob
      • Alice and Bob tell Carol kAlice ⊕ kBob without revealing other information about kAlice or kBob to anyone
      • Variation on Chaum's "Dining Cryptographers"

  11. Secure XOR
      • Alice and Bob choose and exchange random blinding factors BAlice and BBob
      • Each XORs both blinding factors with their secret input and sends the result to Carol:
        Alice sends kAlice ⊕ BBob ⊕ BAlice
        Bob sends BBob ⊕ BAlice ⊕ kBob
      • Carol XORs these messages to learn kAlice ⊕ kBob:
        (kAlice ⊕ BBob ⊕ BAlice) ⊕ (BBob ⊕ BAlice ⊕ kBob) = kAlice ⊕ kBob
      • Carol does not learn kAlice or kBob
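The three-party exchange on slides 10 and 11, written out as an added Python example (not code from the paper or its authors). It runs the protocol over byte strings and also shows why Carol learns nothing beyond kAlice ⊕ kBob: the pair of messages she sees can be reproduced from the result alone. The function and variable names are this example's own.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    assert len(a) == len(b), "inputs must have equal length"
    return bytes(x ^ y for x, y in zip(a, b))


def secure_xor(k_alice: bytes, k_bob: bytes) -> tuple[bytes, tuple[bytes, bytes]]:
    """Secure XOR as on the slide: Carol learns kAlice XOR kBob and nothing else.

    Returns Carol's result together with the two messages she received
    (her complete view), so a caller can inspect what she actually saw.
    """
    n = len(k_alice)
    # Step 1: Alice and Bob each choose a random blinding factor and exchange
    # them over a channel Carol cannot read (assumed, as on the slide).
    b_alice = secrets.token_bytes(n)
    b_bob = secrets.token_bytes(n)
    # Step 2: each XORs both blinding factors into their own secret and sends
    # that single message to Carol.
    m_alice = xor_bytes(xor_bytes(k_alice, b_alice), b_bob)
    m_bob = xor_bytes(xor_bytes(k_bob, b_alice), b_bob)
    # Step 3: Carol XORs the two messages; both blinding factors cancel out.
    result = xor_bytes(m_alice, m_bob)
    return result, (m_alice, m_bob)


def simulate_carol_view(result: bytes) -> tuple[bytes, bytes]:
    """Build a view with the same distribution as Carol's, using only kAlice XOR kBob.

    B = BAlice XOR BBob is uniform and unknown to Carol, so her first message
    kAlice XOR B is uniform, and her second is always first XOR result. A view
    that can be simulated from the output alone carries no information about
    kAlice or kBob individually.
    """
    m_alice = secrets.token_bytes(len(result))
    return m_alice, xor_bytes(m_alice, result)


if __name__ == "__main__":
    # Constructed sample secrets for a stand-alone run.
    k_a, k_b = bytes.fromhex("0a0b0c0d"), bytes.fromhex("ffffffff")
    out, view = secure_xor(k_a, k_b)
    print("Carol learns:", out.hex(), "== kAlice^kBob:", out == xor_bytes(k_a, k_b))
    print("Carol's view:", [m.hex() for m in view])
    print("Simulated view:", [m.hex() for m in simulate_carol_view(out)])
```

The simulation argument is the whole privacy guarantee here, and it has a limit the slides' "colluder" requirement points at: if Carol and Bob pool what they know, Carol's message from Alice plus Bob's blinding factors reveals kAlice. The protocol protects against an honest-but-curious Carol, not against a stakeholder who colludes with her.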

  12. Private Storage Protocol: "Create" Operation
      • Need a trusted recording device for now
      • Identify stakeholders

  13. Private Storage Protocol: "Create" Operation
      • Stakeholders choose random keyshares: k1=0110100, k2=1011101
      • Stakeholders securely tell the recorder k1 ⊕ k2 (via Secure XOR): key=1101001
      • Recorder encrypts using k1 ⊕ k2 as the key
      • Stakeholders hold on to their shares
      • Recorder discards the plaintext and the key

  14. Private Storage Protocol: "Decrypt" Operation
      • Requestor sends a request: "May we decrypt <2100624>?" (requestor holds id=2100624, owners=Alice,Bob)
      • Stakeholders apply their policies to the request
        Alice holds id=2100624, owners=Alice,Bob, kAlice=0110100
        Bob holds id=2100624, owners=Bob,Alice, kBob=1011101
      • To grant, a stakeholder inputs their keyshare into Secure XOR; to deny, they give random input to Secure XOR
      • Secure XOR yields key=1101001 only when every stakeholder grants; otherwise an unrelated value (the slide shows 1110001 and 1000101 marked "?")
      • Vetoes remain confidential
      • Cryptography provides strong protection
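The "Create" and "Decrypt" operations of slides 12 to 14, as an added Python example that is not code from the paper or its authors. Stakeholders keep random keyshares, the recorder encrypts under their XOR and drops plaintext and key, and decryption succeeds only with unanimous consent, a veto being just a random input. Two assumptions are this example's own: the Secure XOR step is replaced by combining the shares directly (the slides' Secure XOR, shown separately above, would sit there in a real system), and the cipher is an encrypt-then-MAC construction built from SHA-256 and HMAC so the code runs on the standard library; a deployment would use a proper authenticated cipher. The `Stakeholder` class, `create`, `request_decrypt` and the policy callables are hypothetical names.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from functools import reduce
from typing import Callable, Optional

KEY_LEN = 32  # bytes; the slides' 7-bit shares are shortened for illustration only
TAG_LEN = 32


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(enc_key: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: a stdlib stand-in for a real stream cipher (assumption).
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived from the combined keyshares."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    ciphertext = xor_bytes(plaintext, _keystream(enc_key, len(plaintext)))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the key is wrong (tag check fails)."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(ciphertext, _keystream(enc_key, len(ciphertext)))


@dataclass
class Stakeholder:
    name: str
    policy: Callable[[str, dict], bool]          # (requestor, record) -> grant?
    shares: dict = field(default_factory=dict)   # recording id -> this stakeholder's keyshare


def create(plaintext: bytes, stakeholders: list, rec_id: int) -> dict:
    """'Create' operation: the recorder stores neither the plaintext nor the key."""
    # Each stakeholder chooses a random keyshare and holds on to it.
    for s in stakeholders:
        s.shares[rec_id] = secrets.token_bytes(KEY_LEN)
    # The recorder is told only the XOR of all shares (Secure XOR on the slides;
    # combined directly here as a simplification).
    key = reduce(xor_bytes, (s.shares[rec_id] for s in stakeholders))
    blob = encrypt(key, plaintext)
    del key, plaintext  # recorder discards plaintext and key; only the record survives
    return {"id": rec_id, "owners": [s.name for s in stakeholders], "blob": blob}


def request_decrypt(record: dict, requestor: str, stakeholders: list) -> Optional[bytes]:
    """'Decrypt' operation: unanimous consent or nothing; a veto is indistinguishable from a share."""
    inputs = []
    for s in stakeholders:
        if s.policy(requestor, record):
            inputs.append(s.shares[record["id"]])        # grant: contribute the real keyshare
        else:
            inputs.append(secrets.token_bytes(KEY_LEN))  # deny: random input, same length as a share
    candidate_key = reduce(xor_bytes, inputs)
    # One random input makes the XOR random, so the tag check fails without
    # saying which stakeholder vetoed.
    return decrypt(candidate_key, record["blob"])


if __name__ == "__main__":
    # Constructed scenario: Alice allows either owner to decrypt, Bob allows only himself.
    alice = Stakeholder("Alice", lambda req, rec: req in ("Alice", "Bob"))
    bob = Stakeholder("Bob", lambda req, rec: req == "Bob")
    rec = create(b"constructed audio sample", [alice, bob], 2100624)
    print("Bob asks:  ", request_decrypt(rec, "Bob", [alice, bob]))
    print("Alice asks:", request_decrypt(rec, "Alice", [alice, bob]))
```

When Alice asks, the result is `None` and nothing in the transcript distinguishes "Bob vetoed" from "the key was simply wrong", which is the confidentiality-of-vetoes property from slide 8. The authenticated tag is what turns a random key into a clean failure rather than garbage output; with an unauthenticated cipher the requestor would get random bytes and could not tell consent from refusal either, but would also have no integrity check on granted recordings.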

  15. Private Storage Protocol (architecture diagram)
      • Location Service
      • Recorder A and Recorder B take Data In and run "Create"
      • Agent A and Agent B each hold a Keyshare and a Policy; Persistent Agent A and Persistent Agent B retain them
      • The Encrypted Recording goes to Storage
      • The Player runs "Decrypt" to produce Data Out

  16. Privacy in Practice: A Problem of Compliance
      • Community of like-minded people: social pressures, local policies, etc.
      • Convince manufacturers to build it in: regulatory pressure, customer demand
      • Privacy law can provide further incentives

  17. Conclusions
      • Ubiquitous recording brings privacy threats
      • Widespread compliance among like-minded groups
      • Technology can give control back to recording subjects

  18. Privacy Management for Portable Recording Devices
      J. Alex Halderman, Brent Waters, Edward W. Felten
      Princeton University, Department of Computer Science
