Presentation is loading. Please wait.

Presentation is loading. Please wait.

Personal Security and Privacy on the Web Prabhaker Mateti Wright State University

Published byStewart Brendan Barber Modified over 8 years ago

Similar presentations

Presentation on theme: "Personal Security and Privacy on the Web Prabhaker Mateti Wright State University"— Presentation transcript:

1 Personal Security and Privacy on the Web Prabhaker Mateti Wright State University http://www.cs.wright.edu/~pmateti/Privacy/

2 Mateti on "Personal Security and Privacy"2 J. Edgar Hoover: "Why should you care if you have nothing to hide?"

3 Mateti on "Personal Security and Privacy"3 'There are worse things than having your privacy violated... like murder.'

4 Mateti on "Personal Security and Privacy"4 "Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men." Privacy Ayn Rand, The Fountainhead (1943) http://www.aynrand.org/

5 Mateti on "Personal Security and Privacy"5 Loss of Privacy “Consumer Relationship Management” $40 billion in 2000, $90 billion by 2003 Acxiom keeps personal and lifestyle data on 95% of U.S. households and can arrange it according to ethnicity, race or other criteria

6 Mateti on "Personal Security and Privacy"6 Loss of Privacy Web sites unknowingly send data to advertisers, June 14, 2000 E-sign bill passed by the House in a 426-4 vote. June 14,2000 “Safe Harbor" US-EU agreement offers more than American companies offer customers at home. June 12, 2000

7 Mateti on "Personal Security and Privacy"7 Loss of Privacy New breed of viruses: Caligula sends data over Internet. Feb 1999. Accidental Release of Info: University of Michigan Health System, 18 MB of patient’s data; Feb 1999

8 Mateti on "Personal Security and Privacy"8 Loss of Privacy FTC surveyed 1400 web sites: 92% collect personal info; only 14% notify users; only 2% have a privacy policy; June 1998 Example: www.engage.com has garnered 30 million user profiles; Aug 1998.

9 Mateti on "Personal Security and Privacy"9 Your Privacy and Security is Compromised... When you e-mail when you surf the Web when you have a home page

10 Mateti on "Personal Security and Privacy"10 Your Privacy and Security is Compromised... When your PC is on-line When your PC is idle...

11 Mateti on "Personal Security and Privacy"11 92.2 million Americans over age 16 an increase of 14 million from the 1998 CommerceNet/Nielsen survey on Internet Usage ( Spring 1999 )

12 Mateti on "Personal Security and Privacy"12 Connecting to the Net NIC: Ethernet Card Address Modem + PPP You are a node on the Net IP address

13 Mateti on "Personal Security and Privacy"13 Network Security Breaches All the usual breaches; in particular: A program runs on your machine without your permission You are impersonated

14 Mateti on "Personal Security and Privacy"14 Firewalls provide... Filtering of network packets to/from certain addresses and ports. Detailed logs of who accessed what, when, and for how long.

15 Mateti on "Personal Security and Privacy"15 Firewalls do not provide... Security of personal data Authentication of Individuals Anonymity Alerts when an unauthorized program runs

16 Mateti on "Personal Security and Privacy"16 Globally Unique Identifiers Each document created by Word,... has a guid. Windows install generates a guid. Registration sends this and other info.

17 Mateti on "Personal Security and Privacy"17 Pentium III “designed with the Internet in mind” The PSN (processor serial number) is built into the silicon chip during manufacturing

18 Mateti on "Personal Security and Privacy"18 Intel Assures... the serial number can be turned off with a utility to develop tools and guidelines on the responsible use of the processor serial number. it will not maintain a database that correlates processor serial numbers with consumers

19 Mateti on "Personal Security and Privacy"19 Fact Is... the serial number can be turned on with a remote utility (ActiveX,...)

20 Mateti on "Personal Security and Privacy"20 Zero knowledge demo

21 Mateti on "Personal Security and Privacy"21 Processor Serial Number Intel has not removed the PSN from its P3. Intel admitted that some Pentium II chips contain the PSN. Intel will not include a PSN in its upcoming chip.

22 Mateti on "Personal Security and Privacy"22 Give yourself privacy in electronic communications Understand the scientific basis for privacy: Cryptography.

23 Mateti on "Personal Security and Privacy"23 Security of Content No observer can read the contents of the message No observer can identify the sender and receiver

24 Mateti on "Personal Security and Privacy"24 Integrity of Message the message has not changed the message has not been prevented from reaching the recipient

25 Mateti on "Personal Security and Privacy"25 Sender and Receiver Only the intended recipient receives the message The message is sent by the claimed sender The sender cannot deny The recipient cannot deny

26 Mateti on "Personal Security and Privacy"26 www.EPIC.org Guide to Practical Privacy Tools »Snoop Proof Email »Anonymous Remailers »Surf Anonymously »HTML Filters »Cookie Busters »Voice Privacy »Email and File Privacy »Encryption »Disk/File Erasing Programs »PC Firewalls

27 Mateti on "Personal Security and Privacy"27 PGP “Pretty Good Privacy” Uses two coupled keys:Public key published; Private key kept secret Plug-ins for many e-mail packages File storage applications also

28 Mateti on "Personal Security and Privacy"28 Anonymizers Everything you do on the Web can be attributed to you. Anonymizer.com “Privacy is your right” Search on “anonymous remailers”

29 Mateti on "Personal Security and Privacy"29 SSL “Secure Sockets Layer” 2.0 3.0 Transport layer authenticated: servers, always; clients, optionally uses encryption

30 Mateti on "Personal Security and Privacy"30 HTTPS Secure HTTP application protocol Client/Server Authentication Spontaneous Encryption Request/Response Non-repudiation

31 Mateti on "Personal Security and Privacy"31 Privacy Checklist Minimize the information that you put in your mail signature files. Reconsider what you have in your personal web pages. Consider what information you give out to web sites.

32 Mateti on "Personal Security and Privacy"32 Privacy Checklist Search the people locators to find out what sites list your personal information. Have yourself removed from spam mailing lists. Your posts on a newsgroup or mailing list can imply a great deal about you.

33 Mateti on "Personal Security and Privacy"33 Privacy Checklist Frequently delete your browser's history and cache files. Understand cookies. Use PGP.

34 Mateti on "Personal Security and Privacy"34 Privacy Checklist Do not use “What’s Related?” Do not use “Show Related Links” Apply MS Office patches to remove GUID feature. Remove GUIDs from existing documents.

35 Mateti on "Personal Security and Privacy"35 Cookies A text file on your HDD that a browser creates at the request of a web site Can contain arbitrary data Not meaningfully editable by you (?!)

36 Mateti on "Personal Security and Privacy"36 Mateti’s Cookies

37 Mateti on "Personal Security and Privacy"37 MRU, … “Most Recently Used” items TweakUI from MS more properties, www.imaginary.co.za www.xteq.com

38 Mateti on "Personal Security and Privacy"38 TweakUI

39 Mateti on "Personal Security and Privacy"39 MoreProperties

40 Mateti on "Personal Security and Privacy"40 If you want privacy in the electronic age... You have to give it to yourself. Your employer will not give it to you. Your government will not give it to you. Even the laws of your nation cannot be relied upon to give it to you.

41 Mateti on "Personal Security and Privacy"41 Fourth Amendment The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

42 Mateti on "Personal Security and Privacy"42 Art 12: Universal Declaration of Human Rights “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks."

43 Mateti on "Personal Security and Privacy"43 Loss of Privacy "You already have zero privacy -- get over it." Scott McNealy, 1999, Sun

44 Mateti on "Personal Security and Privacy"44 Get Over It? "First they came for the hackers. But I never did anything illegal with my computer, so I didn't speak up. Then they came for the pornographers. But I thought there was too much smut on the Internet anyway, so I didn't speak up. Then they came for the anonymous remailers. But a lot of nasty stuff gets sent from anon.penet.fi, so I didn't speak up. Then they came for the encryption users. But I could never figure out how to work PGP anyway, so I didn't speak up. Then they came for me. And by that time there was no one left to speak up." -- Unknown

45 Mateti on "Personal Security and Privacy"45 FBI is asking Congress for the right to view the encrypted computer files of consumers,... -- without the owner's knowledge.

46 Mateti on "Personal Security and Privacy"46 ACLU: Privacy Principles Your personal information should never be collected or disseminated without your knowledge and permission. Organizations must let you know why they're collecting your information; and they can't use it for other reasons than the one you granted permission for (unless they get a second permission from you)

47 Mateti on "Personal Security and Privacy"47 ACLU: Privacy Principles Organizations must ensure the privacy of the personal information they collect or maintain on you, retaining only what is necessary information and only for as long as it is needed. You should have the right to examine, copy, and correct your own personal information.

48 Mateti on "Personal Security and Privacy"48 ACLU: Privacy Principles There must be no national ID system -- either in law or in practice Unrelated data bases must be kept strictly separate so information can't be cross- referenced. Personal "biometric" data -- your fingerprints, DNA, retina or iris scans, etc. -- must not be involuntarily captured or used (except for fingerprinting criminals).

49 Mateti on "Personal Security and Privacy"49 ACLU: Privacy Principles The government must not prohibit or interfere with the development of technologies that protect privacy (such as encryption). These principles should be enforceable by law. Furthermore, no service, benefit, or transaction should be conditioned on waiving your privacy rights.

50 Mateti on "Personal Security and Privacy"50 Get Over It? Write your local elected officials and tell them you want stronger laws to protect your privacy. "Cyberspace must be free!" http://aclu.org/

51 Mateti on "Personal Security and Privacy"51 Recommended Reading: “Database Nation” by Simson L. Garfinkel, http://simson.net/2048/ Chapter 1: Introduction to the US Edition Chapter 2: Database Nation Chapter 3: What Did You Do Today? Chapter 4: Absolute Identification Chapter 5: Nevermore a Lost Pen Chapter 6: The Body’s Own Privacy Chapter 7: Buy Now! Chapter 8: Who Owns Your Information? Chapter 9: Crooks, Kooks and Terrorists. Chapter 10: Excuse Me, But Are You Human? Chapter 11: The New Privacy Bibliography

Download ppt "Personal Security and Privacy on the Web Prabhaker Mateti Wright State University"

Similar presentations

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Internet Privacy Jillian Brinberg, Maggie Kowalski, Sylvia Han, Isabel Smith-Bernstein, Jillian Brinberg.

Internet Privacy Jillian Brinberg, Maggie Kowalski, Sylvia Han, Isabel Smith-Bernstein, Jillian Brinberg.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.

Chapter 10: Electronic Commerce Security. Electronic Commerce, Seventh Annual Edition2 Impact of Security on E-Commerce In 2006 an estimated $913 million.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.

Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.

11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Similar presentations

Ads by Google