1 / 12

Technical Aspects of Privacy

Technical Aspects of Privacy . Prof. Dr. Michael Waidner Director, Fraunhofer SIT and CASED Professor, TU Darmstadt, CSc /CASED/Security in IT. Conference on Security of eGovernment Brussels, European Parliament, February 19, 2013. Other services. Five Technical Privacy Challenges.

miriam
Télécharger la présentation

Technical Aspects of Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Technical Aspects of Privacy Prof. Dr. Michael Waidner Director, Fraunhofer SIT and CASEDProfessor, TU Darmstadt, CSc/CASED/Security in IT Conference on Security of eGovernment Brussels, European Parliament, February 19, 2013

  2. Other services Five Technical Privacy Challenges 2. Purpose Purpose violation User Network • 3. Control • Lack of knowledge • Incorrect data • Unauthorized data • Persistency Service 1. Data Minimization Avoidable digital traces vis-à-vis Service and vis-à-vis Network 5. Anonymous aggregated and inferred data (Re-)identification, continuum of personal date – anonymous data 4. Context Context violation http://www.sit.cased.de/fileadmin/user_upload/Group_SIT/Publications/120227a_GhSW_12.pdf Other users

  3. Crypto 1: Encryption for Confidentiality and Erasure Ready, widely deployed (but not always used and understood correctly) Backup User Service Data encrypted on disk/tape Deleting key = Erasing data http://www.sit.fraunhofer.de/en/fields-of-expertise/projects/omnicloud.html

  4. Crypto 2: Privacy-preserving Attribute-Based Credentials (ABC) Issuer • Efficient • Mature (>10 years) • Smartcard-ready • Limited commercialavailability Ready for commercial use Relying Party User IBM Identity Mixer (Damgård ... Camenisch, Lysyanskaya 2001) Microsoft UProve(Chaum ... Brands 1999)

  5. Crypto 3: Crypto + HW for Privacy-preserving Computations Ready for prototyping ObliviAd(Backes, Kate, Maffei, Pecina, 2013)

  6. Crypto 4: Extending Control “Into the Cloud” Computes enc(F(data)) without the ability to decrypt enc(data). enc(data) enc(F(data)) Ready for small and special cases Needs more research Most recent breakthrough: Fully Homomorphic Encryption (Gentry, 2008)

  7. Proposed EU Regulation is an Important Step Forward • 1. Demonstrate positive impact on innovation and prosperity • Inventory of business ideas and capabilities supporting privacy • 4. Privacy by Design needs specificity • Use cases, ref architectures, design tools • 2. Mandate and enable informed consent • Automation: Privacy Agents • Transparency: personal data management, automated analysis and nutrition labels, incident disclosure • Fair and demonstrably justified preauthorization • 3. Eroding difference between personal & anonymized data • Consider final impact on individual http://www.zeit.de/digital/datenschutz/2013-02/stellungnahme-datenschutz-professoren/komplettansicht

  8. Other services Many Open Questions in Need of Research and Development 2. Purpose Purpose violation User Network • 3. Control • Lack of knowledge • Incorrect data • Unauthorized data • Persistency Service 1. Data Minimization Avoidable digital traces vis-à-vis Service and vis-à-vis Network 5. Anonymous aggregated and inferred data (Re-)identification, continuum of personal date – anonymous data 4. Context Context violation Other users

  9. Prof. Dr. Michael Waidner michael.waidner@sit.fraunhofer.de Fraunhofer Institute forSecure Information Technology (SIT) Rheinstrasse 75 • 64295 Darmstadt • www.sit.fraunhofer.de Technical University of Darmstadt Department of Computer Science (FB20),Chair for Security in IT (FG SIT) Mornewegstrasse30 • 64289 Darmstadt • www.sit.tu-darmstadt.de

More Related