Muhammad Eka WIJAYA

Technical Solutions Novel Challenges to Privacy

Privacy Enhancing Technologies

Examples

How to Address Privacy in Ubiquitous Work Understand Application

Define Problem

Know Tools

2

Collection Scale Ubiquitous computing able to do real life monitoring ( phone

usages, web browsing activities, etc ) Monitoring process is always ‘on’

Collection Manner Ubiquitous technology make things difficult to considerate as

public or private. At any point of time, in any location, any of actions could

potentially electronically recorded and published. 4

Data Types Collecting more facts than human opinion

Process the facts using data mining or any statistical methods

Collection Motivation Ordinary data from activities will be collected.

For government to make better policy

For company to understand customer and make better targeted marketing

Data Accessibility Data will travels among machines ( machine to machine data interaction )

5

Opacity tools More traditional security approaches, support for authentication and

confidentiality.

Example : Un-observability tools : prevent attackers from learning that communication took a

place

Identity management tools : user can prove authority without revealing identity

Transparency tools Attempt to improve subjects understanding and control of collected data.

Example : Watermarking systems : marking information in order to trace origin of data

Policy tools

6

Subject allowed to inspect and control corresponding information flow

Confab Toolkit

7

PawS System

8

Challenges Automation : RFID reading doesn’t require help of person

Identification : significant improvement ability to identify

individual Integration : identify tag become difficult without special

equipment

Authentication

9

Main violation may occur Clandestine scanning : tag scanned without carrier’s consent Eavesdropping : someone can eavesdrop during data

communication between tag and reader or between reader and channel

Data leakage : RFID reader can read more information from tag than necessary

10

Add more factor to Novel challenges Limited resources Limited computational capability to support advance security such as

encryption algorithm

Key selection Need a shared secret between tag and reader. But with a lot of tags,

difficult to know which tag related with that secret

11

Communication Confidentiality and Anti-collision Protocols Encrypt communication between tag and reader Use random UID for tag problem is slower read process

Access control Add hashed password to each tag and lock the read ability

12

Proxies Incorporating RFID reader with customer device. Customer

device can block or allow access to RFID tag. Other approach uses logging and alerting functions that require

readers to identify themselves and offer links to machine-readable privacy policies.

13

Location information is very sensitive Example : If a thief can get location information from someone, it will be easier for them to do a robbery.

Solution for protection Separate identity from time and location

14

Solution for protection Obfuscate location and time

15

Define the form of products as they relate with user behavior and usage

Anticipate how the use of products will mediate human relationship and affect human understanding

Explore dialogue between products, people, and context

17

Define what type of privacy that provided to users

Make threat model from the use of products, technical development, and how the products work

Should think not only attack may occur but opportunity for unwanted disclosure based on actual and potential information flows

Information flows : social and organizational context Technological context

18

Understand the limit and capabilities of security and access control technology

Example : Advanced encryption algorithm may not able to be implemented in

RFID because of limited resources

19