TRANSCRIPT
Muhammad Eka WIJAYA
Technical Solutions
  Novel Challenges to Privacy
  Privacy Enhancing Technologies
  Examples
How to Address Privacy in Ubiquitous Work
  Understand Application
  Define Problem
  Know Tools
Collection Scale: Ubiquitous computing is able to monitor real-life activity (phone usage, web browsing activity, etc.). The monitoring process is always 'on'.
Collection Manner: Ubiquitous technology makes it difficult to consider things as public or private. At any point in time, in any location, any action could potentially be electronically recorded and published.
Data Types: More facts are collected than human opinions. The facts are processed using data mining or other statistical methods.
Collection Motivation: Ordinary data from activities will be collected.
  For governments, to make better policy
  For companies, to understand customers and do better-targeted marketing
Data Accessibility: Data will travel among machines (machine-to-machine data interaction).
Opacity tools: More traditional security approaches, with support for authentication and confidentiality.
Examples:
  Unobservability tools: prevent attackers from learning that a communication took place
  Identity management tools: the user can prove authority without revealing identity
Transparency tools: Attempt to improve subjects' understanding and control of collected data.
Example:
  Watermarking systems: mark information in order to trace the origin of data
Policy tools
Subjects are allowed to inspect and control the corresponding information flow
Confab Toolkit
PawS System
Challenges
  Automation: RFID reading doesn't require the help of a person
  Identification: significantly improved ability to identify individuals
  Integration: identifying a tag becomes difficult without special equipment
  Authentication
Main violations that may occur
  Clandestine scanning: a tag is scanned without the carrier's consent
  Eavesdropping: someone can eavesdrop on data communication between tag and reader, or between reader and channel
  Data leakage: an RFID reader can read more information from a tag than necessary
Factors that add to the novel challenges
  Limited resources: limited computational capability to support advanced security such as encryption algorithms
  Key selection: a shared secret is needed between tag and reader, but with a lot of tags it is difficult to know which tag is related to which secret
Communication Confidentiality and Anti-collision Protocols
  Encrypt communication between tag and reader
  Use a random UID for the tag; the problem is a slower read process
Access control: add a hashed password to each tag and lock the read ability
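An added example, not part of the original slides, modelling the hashed-password read lock and the random-UID idea above, and showing the key-selection cost the random response creates for the reader. The Tag and Reader classes, the tag names and the use of SHA-256 and HMAC are assumptions for illustration; a real tag would use whatever lightweight primitive its hardware allows.

```python
import hashlib
import hmac
import os

def mac(secret, nonce):
    return hmac.new(secret, nonce, hashlib.sha256).digest()

class Tag:
    """Constructed model of a tag with a per-tag secret (not a real RFID API)."""
    def __init__(self, uid, secret):
        self.uid, self.secret, self.locked = uid, secret, True
        self.meta_id = hashlib.sha256(secret).digest()  # stored "hashed password"

    def query_static(self):
        return self.meta_id  # locked tag reveals only the hash, identical on every read

    def unlock(self, key):
        # The read lock opens only for a key whose hash matches the stored one.
        if hmac.compare_digest(hashlib.sha256(key).digest(), self.meta_id):
            self.locked = False
        return not self.locked

    def read(self):
        return None if self.locked else self.uid

    def query_random(self):
        nonce = os.urandom(16)  # "random UID": a fresh nonce per read
        return nonce, mac(self.secret, nonce)

class Reader:
    def __init__(self, secrets_by_uid):
        self.secrets_by_uid = secrets_by_uid
        self.by_meta = {hashlib.sha256(s).digest(): u for u, s in secrets_by_uid.items()}

    def identify_static(self, meta_id):
        return self.by_meta.get(meta_id), 1  # one table lookup

    def identify_random(self, nonce, response):
        # Key selection: nothing in the response names the secret, so try each one.
        for tried, (uid, secret) in enumerate(self.secrets_by_uid.items(), 1):
            if hmac.compare_digest(mac(secret, nonce), response):
                return uid, tried
        return None, len(self.secrets_by_uid)

def demo(n_tags=1000):
    db = {f"tag-{i:04d}": os.urandom(16) for i in range(n_tags)}  # constructed secrets
    uid = f"tag-{n_tags - 1:04d}"  # last enrolled tag: worst case for the search
    return Reader(db), Tag(uid, db[uid])
```

The static response is found with one lookup but is the same value on every scan, so it can be used to follow the tag; the random response differs on every read, and the reader pays for that with a search over every enrolled secret.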
Proxies: Incorporate an RFID reader into the customer's device. The customer's device can block or allow access to the RFID tag.
Another approach uses logging and alerting functions that require readers to identify themselves and offer links to machine-readable privacy policies.
Location information is very sensitive
Example: If a thief can get someone's location information, it will be easier for them to commit a robbery.
Solution for protection: separate identity from time and location
Solution for protection: obfuscate location and time
Define the form of products as they relate to user behavior and usage
Anticipate how the use of products will mediate human relationships and affect human understanding
Explore dialogue between products, people, and context
Define what type of privacy is provided to users
Build a threat model from the use of the products, technical development, and how the products work
Think not only about attacks that may occur but also about opportunities for unwanted disclosure based on actual and potential information flows
Information flows:
  Social and organizational context
  Technological context
Understand the limits and capabilities of security and access control technology
Example: Advanced encryption algorithms may not be implementable in RFID because of limited resources