Limited Disclosure of Information by qvp56346


More Info
									Personal Privacy: Limited
Disclosure using Cryptographic

          Mark Shaneck
     Karthikeyan Mahadevan
What is Privacy
   Privacy is the expectation that confidential
    personal information disclosed in a private
    place will not be disclosed to third parties,
    when that disclosure would cause either
    embarrassment or emotional distress to a
    person of reasonable sensitivities.
   Information is interpreted broadly to include
    facts, images (e.g., photographs,
    videotapes), and disparaging opinions.
Privacy Invasion – Grocery
   Using a credit card to pay for the groceries
   The credit card information should be used
    only for the payment
   What you buy should never be revealed to
   This is a bird’s eye view of the problem.
    Although not serious please visit for more
    interesting problems
A quotation
   “The Home Office caused controversy last
    year when it attempted to allow a long list of
    public authorities to access records of
    individuals' telephone and Internet usage.
    This "communications data" -- phone
    numbers and e-mail addresses contacted,
    web sites visited, locations of mobile phones,
    etc. -- would have been available without any
    judicial oversight, under the Regulation of
    Investigatory Powers Act 2000” - London
What is Limited Disclosure
   California passed a law, SB 27, requiring
    disclosure to consumers of the kinds of
    information companies collect and shared
    about them. [Takes effect from 2005]
   As the title suggests we want to limit
    disclosure of personal information
   In other words I and only I should provide
    access to my personal information.
Misuse of Personal
   On average, 49% of victims did not know
    how their information was obtained.
   Identity Theft
       27.3 million Americans have been victims of
        identity theft in the last five years
   67% of identity theft victims - more than 6.5
    million victims in the last year - report that
    existing credit card accounts were misused.
     Real Life Examples *
        Almost 10 months after the World Trade
         Center attack, a widow found out that an
         identity clone had been living and working
         using her husband's information.
        He had died during the attack.
        A mother keeps receiving collection notices
         on her daughter's credit card accounts.
        Her daughter died 17 years ago.

Other Scenarios
   ISP Customer Information
   Airlines – Passenger Information
   Medical Databases
   Of Course “Big – Brother” is omnipotent
   Personal Privacy on the Internet – is a
Privacy Policy
   Yes there is enough literature,
    documents and other resources on
    Privacy Policy
   But how many of us read the privacy
    agreements? (Has anyone really read
   Policies are really like traffic rules, but
    we still need a cop to enforce it.
   KYD’s example: AIDS website
   P3P (Platform for Privacy Preference)
   Privacy Tools
   Other resourceful websites
       Electronic Frontier Foundation
       Center for Democracy and Technology
Security in Databases
   Designing databases with privacy as a
    central concern – Hippocratic Databases
   Secure Databases – Executing SQL
    Queries over Encrypted Databases
   Encrypted Keyword Search
   There has a lot of good work done in
    this area.
Why this talk?
   For our project we initially decided that
    we will solve one part of the Hippocratic
    Databases – Limited Disclosure
   There is a solution based on P3P for
    limited disclosure
   Cryptographic Techniques to provide
    limited disclosure is the theme of our
   Kp = Pi=p to P ki (where P is some system
    parameter - length of storage
   Let h be a hash function:
        h:{0,1}* => {0,1}m{1}1
   k0 = k
   ki = h(ki-1)
Limited Disclosure - Setup
      •Chooses n = pq (p,q large primes)
  A    where p = 2x+1, q = 2y+1 (x, y large primes)
      •Chooses e, d, such that ed = 1 mod f(n)
      •Chooses Kp odd.
      •A stores meKP mod n and Kp, n with DB

Limited Disclosure Scheme
      rd mod f(n), (rKp)-1 mod f(n)
  A                                    B      rKp)(rKp)-1 mod n
               rd mod f(n)

                                      mrKp mod n


       Computes (meKp)rd mod n
     What everybody knows
Everything, of course
N, p, q, f(n), e, d, k, h                n, rd mod f(n), (rKp)-1 mod f(n)
          A                                         B

                            c, k, n, rd mod f(n)
Limited Disclosure - Key
   Every night, DB computes:
       (meK )kp   p-1

   A can now give authorization for some time in
    the future by computing the proper Kp and
       A knows that the data will change, and does not
        want to give authorization until after the change,
        but wants to give the authorization token now)
   A is mostly offline (only needed when giving
    authorization, which can be done
   A keeps DB out of the loop when changing
    “access control lists”
   Requires no authorization checking from DB.
    DB just responds to all queries with the
    encrypted data.
   Disables B from checking if cached copy of
    A’s data is still valid (after expiration of
Lines of Thought
   We think that e is used only by the
    owner of the data, can we keep this as
    a secret ?
   Is this scheme secure ?
   Can we use a symmetric key system ?
Future Work
   Collaboration attack – Can we avoid this
   Analyze the protocol for any security
   If possible provide a “Proof of security”
   Tie this with P3P
Questions .. Suggestions ?

To top