Privacy Enhancing TechnologiesPET - PowerPoint PPT Presentation

About This Presentation
Title:

Privacy Enhancing TechnologiesPET

Description:

... Privacy. Hundreds of new technologies developed. www.Epic.org. PET ... Fairly cheap (some free) PETs. Intro. Encryption Tools. Policy Tools. Filtering Tools ... – PowerPoint PPT presentation

Number of Views:108
Avg rating:3.0/5.0
Slides: 45
Provided by: zooCs
Learn more at: https://zoo.cs.yale.edu
Category:

less

Transcript and Presenter's Notes

Title: Privacy Enhancing TechnologiesPET


1
Privacy Enhancing Technologies(PET)
  • Bobby Vellanki
  • Computer Science Dept.
  • Yale University

2
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion

3
PET
  • PET Technology that enhances user control and
    removes personal identifiers
  • Users want free Privacy
  • Hundreds of new technologies developed
  • www.Epic.org

4
PET
  • Classified into 4 Categories
  • Encryption Tools (SSL)
  • Policy Tools (P3P, TRUSTe)
  • Filtering Tools (Cookie Cutters, Spyware)
  • Anonymous Tools (Anonymizer, iPrivacy)

5
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion

6
Encryption Tools
  • Examples
  • SSL, PGP, Encryptionizer
  • Thought of as a security tool to prevent
    unauthorized access to communications, files, and
    computers.
  • Users dont see the need
  • Necessary for privacy protection but not
    sufficient by themselves.

7
Encryption Tools
  • Pros
  • Inexpensive (free)
  • Easily Accessible
  • Cons
  • Encryption Software isnt used unless it is
    built-in to the software.
  • Both parties need to use the same software

8
Encryption Tools
  • Conclusions
  • Easy access
  • All parties need to use the same tool
  • Good start but not sufficient enough

9
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion

10
Policy Tools
  • P3P (Platform for Privacy Preferences)
  • Developed by World Wide Web Consortium
  • TRUSTe
  • non-profit organization which ensures websites
    are following their privacy policy
  • Promotes fair information practices
  • BBBonline

11
Policy Tools(Cont.)
  • P3P
  • Users declare their privacy policy on their
    browsers
  • Websites register their policy with Security
    agencies.
  • The website policy is compared with user policy
    and the browser makes automated decisions.

12
Policy Tools(Cont.)
  • P3P Cont.
  • Might help uncover privacy gaps for websites
  • Can block cookies or prevent access to some
    sites.
  • Consumer awareness
  • Built into IE 6.0 and Netscape 7 as of July 2002

13
Policy Tools(Cont.)
  • Conclusions
  • Users are unaware of Privacy Policies
  • Not all websites have Policy tools
  • Need automated checks to see if websites are
    following their privacy policy

14
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion

15
Filtering Tools
  • Some Types
  • SPAM filtering
  • Cookie Cutters
  • Spyware killers

16
Filtering Tools (Cont.)
  • SPAM Filters
  • Problems
  • Spammers use new technologies to defeat filters
  • Legitimate E-mailers send SPAM resembling E-mail

17
Filtering Tools(Cont.)
  • SPAM Filters (cont.)
  • Possible Solution
  • E-Mail postage scheme
  • Infeasible solution
  • Tough to impose worldwide
  • Need homogenous technology for all parties
  • Policy responsibility is unclear (Who will police
    it?)

18
Cookie Cutters
  • Programs that prevent browsers from exchanging
    cookies
  • Can block
  • Cookies
  • Pop-ups
  • http headers that reveal sensitive info
  • Banner ads
  • Animated graphics

19
Cookie Cutters(cont.)
  • Spyware killers
  • Programs that gather info and send it to websites
  • Downloaded without user knowledge

20
Filtering Tools (cont.)
  • Conclusions
  • New technologies are created everyday
  • Tough to distinguish SPAM
  • Need for a universal organization
  • People are ignorant about the use of cookies

21
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion

22
Anonymous Tools
  • Enable users to communicate anonymously
  • Masks the IP address and personal info
  • Some use 3rd party proxy servers
  • Strips off user info and sends it to websites
  • Not helpful for online transactions
  • Expensive

23
Anonymous Tools(Cont.)
  • Types of Anonymizer Technologies
  • Autonomy Enhancing (Anonymizer)
  • Seclusion Enhancing (iPrivacy)
  • Property Managing (.NET Passport)

24
Anonymous Tools(Cont.)
  • Autonomy Enhancing Technology
  • Examples
  • Anonymizer, Freedom by Zero Knowledge
  • No user Information is stored
  • User has complete control

25
Anonymous Tools(cont.)
26
Anonymous Tools (Cont.)
  • Anonymizer
  • Originally a student project from CMU
  • One of the first PETs
  • Not concerned with transaction security
  • Provides anonymity by
  • Routing through a proxy server
  • Software to manage security at the PC level
    (cookies, spyware, )

27
Anonymous Tools(Cont.)
  • Anonymizer (Cont.)
  • Can be purchased for 30-70
  • Cant lose password
  • Services
  • Customize privacy for each site
  • Erases cookies and log files, pop-up blocker,
    Spyware killer, unlisted IP
  • Reports
  • ISP service

28
Anonymous Tools (Cont.)
  • Seclusion Enhancing Technologies
  • Examples
  • iPrivacy, Incogno SafeZone
  • Target Transaction processing companies
  • Trusted third party who promises not to contact
    the customer
  • Consumer remains the decision maker

29
Anonymous Tools (cont.)
30
Anonymous Tools(Cont.)
  • Seclusion Enhancing Technologies
  • Keeps limited data (dispute resolution)
  • Transaction by transaction basis
  • Customers can choose to not give any data to
    merchants

31
Anonymous Tools (Cont.)
  • iPrivacy
  • Intermediary for users and companies
  • Doesnt have the ability to look at all user data
  • Cannot map transactions to user info.
  • Each transaction needs to have personal info
    filled out.

32
Anonymous Tools(Cont.)
  • iPrivacy(cont.)
  • Customer Downloads software (client-side software
    for shipping and Credit Card companies)
  • Licensed to Credit Card and Shipping Companies

33
Anonymous Tools(Cont.)
  • iPrivacy (cont.)
  • Avoids replay attacks for CC companies
  • Allows users to end associations with merchants

34
Anonymous Tools (Cont.)
  • iPrivacy (cont.)
  • Privacy Policy
  • Never sees the consumers name or address
  • Ensures only CC and shipping companies see data
  • iPrivacy works as a one-way mirror
  • PII filter satisfies HIPAA requirements

35
Anonymous Tools (cont.)
  • Property Managing Technology
  • Example
  • .NET Passport
  • All user data is kept by the provider
  • Consumer doesnt directly communicate with the
    merchant

36
Anonymous Tools (cont.)
37
Anonymous Tools (cont.)
  • Property Managing Technology (cont.)
  • Consumers control rights are surrendered for
    service
  • Potential for misuse of data
  • User gives agency rights to the provider(no
    direct contact with merchant)

38
Anonymous Tools (cont.)
  • .NET Passport
  • Single login service
  • Customers personal info is contained in the
    Passport profile.
  • Name, E-mail, state, country, zip, gender, b-day,
    occupation, telephone
  • Controls and logs all transactions

39
Anonymous Tools (cont.)
  • .NET Passport
  • Participating sites can provide personalized
    services
  • Merchants only get a Unique ID.
  • Participants
  • Ebay, MSN, Expedia, NASDAQ, Ubid.com

40
Anonymous Tools (cont.)
  • .NET Passport
  • Privacy Policy
  • member of TRUSTe privacy program
  • Will not sell or rent data
  • Some sites may require additional info
  • Doesnt monitor the privacy policies of .NET
    participants
  • Data is stored in controlled facilities

41
Anonymous Tools(cont.)
  • .NET Passport
  • Uses industry-standard security technologies to
    encrypt data
  • Uses cookies (Cant use .NET if you decline)
  • Microsoft has the right to store or process your
    data in the US or in another country.
  • Abides by the Safe Harbor framework (collection
    of data from the EU)

42
Anonymous Tools (cont.)
  • Conclusions
  • identity is secured through proxy servers
  • Give up privacy for convenience (.NET)
  • Fairly cheap (some free)

43
PETs
  • Intro
  • Encryption Tools
  • Policy Tools
  • Filtering Tools
  • Anonymous Tools
  • Conclusion

44
Conclusion
  • Trade-off Privacy vs. Convenience
  • People want free privacy
  • None of these tools are good enough by themselves
  • Technology that ensures the website is following
    its policy
  • Need for an universal organization
Write a Comment
User Comments (0)
About PowerShow.com