
Annual Workshop February 5th, 2014. A Formal Approach to Analyze Privacy in Electronic Services MSEC Koen Decroix [Koen Decroix – MSEC - KU Leuven]


1 Annual Workshop February 5th, 2014

2 A Formal Approach to Analyze Privacy in Electronic Services MSEC Koen Decroix [Koen Decroix – MSEC - KU Leuven]

3 Outline
- Introducing Privacy in Loyalty Services
- Conceptual Model of inShopnito
- Framework for Formal Reasoning on Privacy
- Privacy Analysis of inShopnito
- Conclusions

4 Introducing Privacy in Loyalty Systems

5 Ever wondered what companies know about you?

6 … Max Schrems, an Austrian student, did! He is now suing Facebook over its practices regarding the personal data it collected about him.

7 Once, there were small local family-run stores binding customers with …

8 … with the years, they were replaced by big chains, also binding customers …

9 [Slide graphics: "Authenticate", "Share your shopping activities with friends on Facebook"] For the convenience of their customers, loyalty services evolved into electronic services integrated with other online (third-party) services. Is this the full story?

10 When registering for such services, you agreed to their terms and policies and gave them your consent to collect, process, and forward your personal data. This is not transparent to users.

11 Your past online activities leave non-erasable, possibly harmful, traces behind and might get spread around.

12 Citizens must be protected against these data practices. This is where the European data protection legislation comes into play.

13 … designers have to consider multiple types of requirements. This is complex.

14 There is a need for formal modeling to support the design of composite services.

15 Privacy analysis is based on user profiles built from the formal models. Its feedback must be useful for system designers and users alike.

16 Conceptual Model of inShopnito

17 Collecting loyalty points at first glance.

18 From the specifications of service providers’ data practices (= service policies), we can derive that … … but looking into more detail …

19

20 Conceptual model of inShopnito

21 Framework for Formal Reasoning on Privacy

22 Input Model: identifiers linked to an individual (System, User)

23 Framework architecture (components as labelled in the diagram):
- Logic Component: Vocabulary (Concepts), Behavior, Inference Rules
- System Independent Model
- Input Model: Identifiability Model; User Model (Trust Perception, Credentials, Profiles, Identities, Pseudonyms, Initial State); System Model (Organizations, Services, Service Policies: Access Control, Storage, Distribution)
- Output: Theory, Conclusions

24 Privacy Analysis of inShopnito

25 Privacy Analysis - Feedback: Linkabilities, Collaborations, Attributes & Violations

26 inShopnito modeled for two user types: (1) a user with no trust in organizations; (2) a user who trusts the Grocery Store, the Loyalty Program Provider and inShopnito, but not the advertisers. Loyalty credential: Idemix. What if X509 is used instead?

27 inShopnito modeled for two user types [diagram: data, Collaborations = { ? }, Identifiable]

28 Linkabilities in inShopnito [table: action Scan Product; scenarios No Collab, GS+LP collaboration, X509; for each of Grocery Store, inShopnito, Loyalty Provider and Advertiser the profile is classified as Anon / Pseudo / Ident]

29 Detect Violations in inShopnito. Advertisers are not allowed to have the customer’s: 1. Name 2. Address 3. eMail address. Violations of rules 1, 2, 3 are found only when an X509 certificate is used in the user model.
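The following is an added toy version of the violation check from slide 29 (and the Idemix-versus-X509 contrast of slide 26), written for this transcript; it is not the authors' framework or their IDP models. The organizations, attributes and the three rules come from the slides; the disclosure sets, the distribution graph and the identifiability criterion are constructed assumptions.

```python
# Added toy model of the inShopnito violation check (not the authors' IDP models).
# Organizations, attributes and rules come from the slides; DISCLOSURE, FLOWS and
# IDENTIFYING are constructed assumptions.
from collections import defaultdict

ATTRIBUTES = {"Name", "Address", "DoB", "Gender", "eMail"}  # loyalty credential

# Assumption: collecting points only requires proving a property of the DoB.
DISCLOSURE = {
    "Idemix": {"DoB"},        # anonymous credential: selective disclosure
    "X509": set(ATTRIBUTES),  # classic certificate: every attribute is shown
}

# Constructed distribution policies: each sender forwards all data it holds.
FLOWS = [
    ("Grocery Store", "inShopnito"),
    ("inShopnito", "Loyalty Provider"),
    ("inShopnito", "Advertisers"),
]

# Corporate-level rules from slide 29: advertisers may not hold these attributes.
RULES = [("Advertisers", "Name"), ("Advertisers", "Address"), ("Advertisers", "eMail")]

IDENTIFYING = {"Name", "eMail"}  # assumption: these attributes identify the customer

def build_profiles(credential, flows=FLOWS):
    """Propagate disclosed attributes along the distribution graph to a fixpoint."""
    profiles = defaultdict(set)
    profiles["Grocery Store"] |= DISCLOSURE[credential]  # credential shown at checkout
    changed = True
    while changed:
        changed = False
        for src, dst in flows:
            if not profiles[src] <= profiles[dst]:
                profiles[dst] |= profiles[src]
                changed = True
    return dict(profiles)

def detect_violations(profiles, rules=RULES):
    """Return the (organization, attribute) rules that the built profiles violate."""
    return sorted((org, a) for org, a in rules if a in profiles.get(org, set()))

def identifiability(profiles):
    """Classify each organization's profile as 'Ident' or 'Anon' (as on slide 28)."""
    return {org: "Ident" if attrs & IDENTIFYING else "Anon" for org, attrs in profiles.items()}

if __name__ == "__main__":
    for cred in ("Idemix", "X509"):
        p = build_profiles(cred)
        print(cred, identifiability(p), detect_violations(p))
```

With Idemix no rule is violated; with X509 the advertisers' profile ends up holding Name, Address and eMail, reproducing the result stated on slide 29.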

30 Conclusions

31 Conclusions
- It is a formal approach to analyze privacy, with the power to prove properties.
- The approach is useful during service design:
  – privacy by design is one of the principles in the EU reform of data protection legislation;
  – analyzing linkabilities, collaborations and attributes in user profiles;
  – verifying compliance with legislative and corporate-level rules (detecting violations).
- The approach is useful for educating people:
  – in the EU reform of data protection, authorities get the task to educate people. E.g., model a user who participates in a survey about Facebook; afterwards, perform a privacy analysis based on his assumptions and present him the difference between what he thinks and what can happen.

32 Questions

33 Conceptual model of inShopnito [diagram: parties Grocery Store, inShopnito, Loyalty Provider, Advertisers; actions Scan Product, Show Info, Get Price, Checkout, Payment, Print Ticket, Update Points, Collect Points, Add To Temporary Profile; data Product, Purchase History, DoB, Loyalty Credential (Name, Address, DoB, Gender, eMail)]

