USC CSCI 530 - 4.5

What TC Can and Can't Do

- Guarantee that the EK (endorsement key) is safe
  - Yes, because it is stored in and used by hardware only
  - No, because it can be obtained if someone has physical access, but this can be detected by the user or a remote system (the tamper bit is set in the TPM)
- Guarantee that no keys can be compromised
  - No, keys that go to the OS and are used by software can still be compromised
- Guarantee that applications cannot be changed or compromised
  - No, I can only detect compromise by comparing hashes of apps in hardware

What TC Can and Can't Do (cont.)

- Guarantee that no rootkits can reside on the system
  - No, but we can detect compromise by comparing hashes of OS files in hardware
- Guarantee that applications cannot interfere with each other
  - Yes, due to OS separation
- Guarantee data safety on disk
  - Yes, we can encrypt data separately for each virtual system and we can encrypt the whole disk
  - No, because encryption happens in software

Privacy

What is Privacy?

- Privacy is about PII
- It is primarily a policy issue
- Privacy is an issue of user education
  - Make sure users are aware of the potential use of the information they provide
  - Give the user control
- Privacy is a security issue
  - Security is needed to implement the policy

Security v. Privacy

- Sometimes conflicting
  - Many security technologies depend on identification
  - Many approaches to privacy depend on hiding one's identity
- Sometimes supportive
  - Privacy depends on protecting PII (personally identifiable information)
  - Poor security makes it more difficult to protect such information

Debate on Attribution

- How much low-level information should be kept to help track down cyber attacks?
  - Such information can be used to breach privacy assurances
  - How long can such data be kept?

Privacy is Not the Only Concern

- Business concerns
  - Disclosing information we think of as privacy-related can divulge business plans
    - Mergers
    - Product plans
    - Investigations
- Some "private" information is used for authentication
  - SSN
  - Credit card numbers

You Are Being Tracked

- Location
  - From IP address
  - From cell phones
  - From RFID
- Interests, purchase history, political/religious affiliations
  - From RFID
  - From transaction details
  - From network and server traces

You Are Being Tracked (cont.)

- Associates
  - From network, phone, email records
  - From location-based information
- Health information
  - From purchases
  - From location-based information
  - From web history

Why Should You Care?

- Aren't the only ones that need to be concerned about privacy the ones that are doing things that they shouldn't?
- Consider the following:
  - Use of information outside its original context
    - Certain information may be omitted
  - Implications may be misrepresented
  - Inference of data that is sensitive
  - Data can be used for manipulation

Aggregation of Data

- Consider whether it is safe to release information in aggregate
  - Such information is presumably no longer personally identifiable
  - But given partial information, it is sometimes possible to derive other information by combining it with the aggregated data

Anonymization of Data

- Consider whether it is safe to release information that has been stripped of so-called personal identifiers
  - Such information is presumably no longer personally identifiable
- What is important is not just anonymity, but linkability
- If I can link multiple queries, I might be able to infer the identity of the person issuing the query through one query, at which point all anonymity is lost

Traffic Analysis

- Even when the specifics of communication are hidden, the mere knowledge of communication between parties provides useful information to an adversary
  - E.g. pending mergers or acquisitions
  - Relationships between entities
  - Creates visibility of the structure of an organization
  - Allows some inference about interests

Information for Traffic Analysis

- Lists of the web sites you visit
- Email logs
- Phone records
- Perhaps you expose the linkages through web sites like LinkedIn
- Consider what information remains in the clear when you design security protocols

Network Trace Sharing

- Researchers need network data
  - To validate their solutions
  - To mine and understand trends
- Sharing network data creates necessary diversity
  - Enables generalization of results
  - Creates a lot of privacy concerns
  - Very few public traffic trace archives (CAIDA, WIDE, LBNL, ITA, PREDICT, CRAWDAD, MIT DARPA)

Sanitization

- Remove or obscure (anonymize) sensitive data
  - Remove packet contents and application headers
  - Anonymize IP addresses
    - Positional: anonymize in order of appearance. Inconsistent, and loses information about networks
    - Cryptographic: anonymize by encrypting with a key. Consistent, but still loses information about networks
    - Prefix-preserving: the cryptographic approach is applied to portions of the IP address separately to preserve network information
- Sanitization loses a lot of data: application headers, contents, IP addresses
  - This is acceptable for some research but not for all
- Sanitized data still has sensitive information

Attack Classes

- Passive attacker
  - Observes the publicly released trace
  - Uses some public or private auxiliary information to infer private data
- Active attacker
  - Inserts traffic during trace collection
  - Identifies this traffic later in the public trace
    - This creates an auxiliary information channel
    - Can learn what method was used to obscure private data
    - Can verify the presence or absence of data items with the same/similar values in other records
  - Provider cannot identify injected traffic
    - Covert channel
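The "What TC Can and Can't Do" slides above repeatedly answer "No, but we can detect compromise by comparing hashes in hardware". The following is an added example, not part of the lecture notes, that simulates that mechanism in Python: files are hashed in a fixed order and each hash is extended into a simulated TPM PCR, and a verifier compares the final value with a known-good one. The file contents, paths and reference values are constructed for the demo; on a real system the measurements would be made by firmware and the OS loader and the PCR would live in the TPM.

```python
import hashlib

# Constructed sample "file system": path -> contents. On a real system these
# would be the OS files and application binaries measured at boot/load time.
GOLDEN_FILES = {
    "/boot/kernel": b"kernel image v1 (constructed sample)",
    "/sbin/init": b"init binary (constructed sample)",
    "/usr/bin/app": b"application binary (constructed sample)",
}


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || measurement).

    Extend is one-way and order-dependent, so a verifier can compare one
    final value instead of storing every hash separately, and software
    cannot "un-measure" a file once it has been extended.
    """
    return sha256(pcr + measurement)


def measure_system(files: dict) -> tuple:
    """Hash every file in a fixed order, extending each hash into a simulated PCR.

    Returns (final PCR value, event log of per-file hashes). The event log lets
    the verifier see which file diverged once the final PCR fails to match.
    """
    pcr = bytes(32)  # PCRs start at all zeros after reset
    log = {}
    for path in sorted(files):
        h = sha256(files[path])
        log[path] = h.hex()
        pcr = extend(pcr, h)
    return pcr, log


# Known-good reference, taken once at provisioning time (constructed here).
GOLDEN_PCR, GOLDEN_LOG = measure_system(GOLDEN_FILES)


def verify(files: dict, golden_pcr: bytes = GOLDEN_PCR,
           golden_log: dict = GOLDEN_LOG) -> tuple:
    """Compare the current measurement with the reference.

    Returns (ok, changed_paths). This is exactly the slides' point: the check
    *detects* that a file differs from the reference; it does not *prevent*
    the file from having been changed in the first place.
    """
    pcr, log = measure_system(files)
    if pcr == golden_pcr:
        return True, []
    changed = sorted(p for p in set(files) | set(golden_log)
                     if log.get(p) != golden_log.get(p))
    return False, changed


if __name__ == "__main__":
    tampered = dict(GOLDEN_FILES)
    tampered["/usr/bin/app"] = b"application binary with extra code (constructed sample)"
    print("clean system :", verify(GOLDEN_FILES))
    print("tampered app :", verify(tampered))
```

Because the PCR value only proves what was measured, it says nothing about keys that have already been handed to the OS, which is why the slides answer "No" to "no keys can be compromised" even on a system with a TPM.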
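The Sanitization slide lists three ways to anonymize IP addresses in a shared trace. As an added example (my code, not from the lecture notes), here are all three side by side in Python on a constructed four-packet trace, with a helper that counts the leading bits two addresses share so the properties stated on the slide can be checked directly: positional mapping is consistent only within one trace, the keyed (HMAC-based) mapping is consistent across traces but scatters neighbouring hosts, and the prefix-preserving construction keeps the subnet structure. The key and the addresses are constructed demo values.

```python
import hashlib
import hmac
import ipaddress


def positional(addrs):
    """Positional: each new address gets the next counter value in order of
    appearance (rendered here as 10.0.0.N). Consistent only inside one trace;
    the same real address gets a different pseudonym in the next trace, and
    nothing about subnet structure survives."""
    table, out = {}, []
    for a in addrs:
        if a not in table:
            table[a] = str(ipaddress.IPv4Address((10 << 24) + len(table) + 1))
        out.append(table[a])
    return out


def cryptographic(addrs, key):
    """Cryptographic: keyed PRF (HMAC-SHA256, truncated to 32 bits) over the
    whole address. Same key => same pseudonym across traces, but neighbours
    such as 192.168.1.5 and 192.168.1.6 map to unrelated outputs."""
    out = []
    for a in addrs:
        mac = hmac.new(key, ipaddress.IPv4Address(a).packed, hashlib.sha256).digest()
        out.append(str(ipaddress.IPv4Address(int.from_bytes(mac[:4], "big"))))
    return out


def prefix_preserving(addrs, key):
    """Prefix-preserving (a Crypto-PAn style construction): output bit i is
    input bit i XORed with a PRF of the first i input bits. Two inputs that
    agree on their first k bits therefore produce outputs that agree on their
    first k bits and first differ at the same position."""
    out = []
    for a in addrs:
        x = int(ipaddress.IPv4Address(a))
        y = 0
        for i in range(32):
            prefix = x >> (32 - i)                        # the i leading input bits
            msg = bytes([i]) + prefix.to_bytes(4, "big")  # length tag + prefix
            flip = hmac.new(key, msg, hashlib.sha256).digest()[0] & 1
            bit = (x >> (31 - i)) & 1
            y = (y << 1) | (bit ^ flip)
        out.append(str(ipaddress.IPv4Address(y)))
    return out


def common_prefix_len(a, b):
    """Number of leading bits two dotted-quad addresses share."""
    d = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 if d == 0 else 32 - d.bit_length()


if __name__ == "__main__":
    key = b"constructed-demo-key"  # a real deployment uses a secret key
    trace = ["192.168.1.5", "192.168.1.6", "172.16.0.9", "192.168.1.5"]
    for name, mapped in [("positional", positional(trace)),
                         ("cryptographic", cryptographic(trace, key)),
                         ("prefix-preserving", prefix_preserving(trace, key))]:
        print(f"{name:18} {mapped}")
    pp = prefix_preserving(trace, key)
    print("bits shared by .5/.6: input", common_prefix_len(trace[0], trace[1]),
          "output", common_prefix_len(pp[0], pp[1]))
```

The prefix-preserving output is what makes the trace useful for network research, but it is also why the slide says sanitized data still has sensitive information: the Attack Classes slide's active attacker, who recognises traffic they inserted during collection, learns real-to-pseudonym pairs and, with prefix preservation, the leading bits of every neighbouring host as well. Whether that residual leakage is acceptable is a decision the trace provider has to make per data set.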