Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014.

Published byErica Pearson Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014."— Presentation transcript:

1 Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014

2 Lecture 16 Page 2 CS 136, Fall 2014 Privacy Data privacy issues Network privacy issues Some privacy solutions

3 Lecture 16 Page 3 CS 136, Fall 2014 What Is Privacy? The ability to keep certain information secret Usually one’s own information But also information that is “in your custody” Includes ongoing information about what you’re doing

4 Lecture 16 Page 4 CS 136, Fall 2014 Privacy and Computers Much sensitive information currently kept on computers –Which are increasingly networked Often stored in large databases –Huge repositories of privacy time bombs We don’t know where our information is

5 Lecture 16 Page 5 CS 136, Fall 2014 Privacy and Our Network Operations Lots of stuff goes on over the Internet –Banking and other commerce –Health care –Romance and sex –Family issues –Personal identity information We used to regard this stuff as private –Is it private any more?

6 Lecture 16 Page 6 CS 136, Fall 2014 Threat to Computer Privacy Cleartext transmission of data Poor security allows remote users to access our data Sites we visit save information on us –Multiple sites can combine information Governmental snooping Location privacy Insider threats in various places

7 Lecture 16 Page 7 CS 136, Fall 2014 Some Specific Privacy Problems Poorly secured databases that are remotely accessible –Or are stored on hackable computers Data mining by companies we interact with Eavesdropping on network communications by governments Insiders improperly accessing information Cell phone/mobile computer-based location tracking

8 Lecture 16 Page 8 CS 136, Fall 2014 Data Privacy Issues My data is stored somewhere –Can I control who can use it/see it? Can I even know who’s got it? How do I protect a set of private data? –While still allowing some use? Will data mining divulge data “through the back door”?

9 Lecture 16 Page 9 CS 136, Fall 2014 Privacy of Personal Data Who owns data about you? What if it’s really personal data? –Social security number, DoB, your DNA record? What if it’s data someone gathered about you? –Your Google history or shopping records –Does it matter how they got it?

10 Lecture 16 Page 10 CS 136, Fall 2014 Protecting Data Sets If my company has (legitimately) a bunch of personal data, What can I/should I do to protect it? –Given that I probably also need to use it? If I fail, how do I know that? –And what remedies do I have?

11 Lecture 16 Page 11 CS 136, Fall 2014 Options for Protecting Data Careful system design Limited access to the database –Networked or otherwise Full logging and careful auditing Store only encrypted data –But what about when it must be used? –Key issues

12 Lecture 16 Page 12 CS 136, Fall 2014 Data Mining and Privacy Data mining allows users to extract models from databases –Based on aggregated information Often data mining allowed when direct extraction isn’t Unless handled carefully, attackers can use mining to deduce record values

13 Lecture 16 Page 13 CS 136, Fall 2014 An Example of the Problem Netflix released a large database of user rankings of films –Anonymized, but each user had one random identity Clever researchers correlated the database with IMDB rankings –Which weren’t anonymized –Allowed them to match IMDB names to Netflix random identities

14 Lecture 16 Page 14 CS 136, Fall 2014 Insider Threats and Privacy Often insiders need access to private data –Under some circumstances But they might abuse that access How can we determine when they misbehave? What can we do?

15 Lecture 16 Page 15 CS 136, Fall 2014 Local Examples Over 120 UCLA medical center employees improperly viewed celebrities’ medical records –Between 2004-2006 Two accidental postings of private UCLA medical data in 2011 UCLA is far from the only offender

16 Lecture 16 Page 16 CS 136, Fall 2014 Encryption and Privacy Properly encrypted data can only be read by those who have the key –In most cases –And assuming proper cryptography is hazardous So why isn’t keeping data encrypted the privacy solution?

17 Lecture 16 Page 17 CS 136, Fall 2014 Problems With Data Encryption for Privacy Who’s got the key? How well have they protected the key? If I’m not storing my data, how sure am I that encryption was applied? How can the data be used when encrypted? –If I decrypt for use, what then?

18 Lecture 16 Page 18 CS 136, Fall 2014 A Recent Case Yahoo lost 450,000 user IDs and passwords in July 2012 –The passwords weren’t encrypted –Much less salted Password file clearly wasn’t well protected, either Who else is storing your personal data unencrypted?

19 Lecture 16 Page 19 CS 136, Fall 2014 Steganography Another means of hiding data in plain sight In general terms, refers to embedding data into some other data In modern use, usually hiding data in an image –People have talked about using sound and other kinds of data

20 Lecture 16 Page 20 CS 136, Fall 2014 An Example Transfer $100 to my savings account Run these through outguess

21 Lecture 16 Page 21 CS 136, Fall 2014 Voila! The one on the right has the message hidden in it

22 Lecture 16 Page 22 CS 136, Fall 2014 How It Works Encode the message in the low order bits of the image Differences in these bits aren’t human- visible More sophisticated methods also work Detected by looking for unlikely patterns Often foiled by altering images Steganography designers try to be robust against these problems

23 Lecture 16 Page 23 CS 136, Fall 2014 What’s Steganography Good For? Used by some printer manufacturers to prove stuff came from them Stories of use by Al-Qaeda –No evidence of truth of stories Shady Rat attacks apparently used it to hide code to contact botnet servers Russian spies used it recently Most useful if opponents don’t suspect you’re using it

24 Lecture 16 Page 24 CS 136, Fall 2014 Steganography and Privacy If they don’t know my personal data is in my family photos, maybe it’s safe But are you sure they don’t know? –Analysis of data used to store things steganographically may show that Essentially, kind of like crypto –But without the same level of mathematical understanding

25 Lecture 16 Page 25 CS 136, Fall 2014 Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption, data values not readable So what’s the problem?

26 Lecture 16 Page 26 CS 136, Fall 2014 Traffic Analysis Problems Sometimes desirable to hide that you’re talking to someone else That can be deduced even if the data itself cannot How can you hide that? –In the Internet of today?

27 Lecture 16 Page 27 CS 136, Fall 2014 A Cautionary Example VoIP traffic is commonly encrypted Researchers recently showed that they could understand what was being said –Despite the encryption –Without breaking the encryption –Without obtaining the key

28 Lecture 16 Page 28 CS 136, Fall 2014 How Did They Do That? Lots of sophisticated data analysis based on understanding human speech –And how the application worked In essence, use size of encrypted packets and interarrival time –With enough analysis, got conversation about half right

29 Lecture 16 Page 29 CS 136, Fall 2014 Location Privacy Mobile devices often communicate while on the move Often providing information about their location –Perhaps detailed information –Maybe just hints This can be used to track our movements

30 Lecture 16 Page 30 CS 136, Fall 2014 Cellphones and Location Provider knows what cell tower you’re using With some effort, can pinpoint you more accurately In US, law enforcement can get that information just by asking –Except in California

31 Lecture 16 Page 31 CS 136, Fall 2014 Other Electronic Communications and Location Easy to localize user based on hearing 802.11 wireless signals Many devices contain GPS nowadays –Often possible to get the GPS coordinates from that device Bugging a car with a GPS receiver not allowed without warrant –For now...

32 Lecture 16 Page 32 CS 136, Fall 2014 Implications of Location Privacy Problems Anyone with access to location data can know where we go Allowing government surveillance Or a private detective following your moves Or a maniac stalker figuring out where to ambush you...

33 Lecture 16 Page 33 CS 136, Fall 2014 Another Location Privacy Scenario Many parents like to know where their children are Used to be extremely difficult Give them a smart phone with the right app and it’s trivial Good or bad?

34 Lecture 16 Page 34 CS 136, Fall 2014 A Bit of Irony To a large extent, Internet communications provide a lot of privacy –“On the Internet, no one knows you’re a dog.” But it’s somewhat illusory –Unless you’re a criminal

35 Lecture 16 Page 35 CS 136, Fall 2014 Why Isn’t the Internet Private? All messages tagged with sender’s IP address With sufficient legal authority, there are reliable mappings of IP to machine –ISP can do it without that authority Doesn’t indicate who was using the machine –But owner is generally liable

36 Lecture 16 Page 36 CS 136, Fall 2014 Web Privacy Where we visit with our browsers reveals a lot about us Advertisers and other merchants really want that information Maybe we don’t want to give it to them –Or to others But there are many technologies to allow tracking –Even to sites the tracker doesn’t control

37 Lecture 16 Page 37 CS 136, Fall 2014 Do Not Track Wouldn’t it be nice if we could ensure that web sites don’t track us? Enter the Do Not Track standard A configurable option in your web browser Which, by enabling, you might think prevents you from being tracked

38 Lecture 16 Page 38 CS 136, Fall 2014 The Problems With Do Not Track First, it’s voluntary –Web server is supposed to honor it –But will they? Second, and worse, it doesn’t mean what you think it means –Based on current definitions of the option

39 Lecture 16 Page 39 CS 136, Fall 2014 What Do Not Track Really Means What it really means is “I’ll track you anyway” “But I won’t provide you anything helpful based on the tracking” So they know what you’re doing –And they do whatever they want with that data But you don’t see targeted ads So what’s the point of Do Not Track? –A good question

40 Lecture 16 Page 40 CS 136, Fall 2014 Some Privacy Solutions The Scott McNealy solution –“Get over it.” Anonymizers Onion routing Privacy-preserving data mining Preserving location privacy Handling insider threats via optimistic security

41 Lecture 16 Page 41 CS 136, Fall 2014 Anonymizers Network sites that accept requests of various kinds from outsiders Then submit those requests –Under their own or fake identity Responses returned to the original requestor A NAT box is a poor man’s anonymizer

42 Lecture 16 Page 42 CS 136, Fall 2014 The Problem With Anonymizers The entity running it knows who’s who Either can use that information himself Or can be fooled/compelled/hacked to divulge it to others Generally not a reliable source of real anonymity

43 Lecture 16 Page 43 CS 136, Fall 2014 An Early Example A remailer service in Finland Concealed the actual email address of the sender –By receiving the mail and resending it under its own address Court order required owner of service to provide a real address –After which he shut down the service

44 Lecture 16 Page 44 CS 136, Fall 2014 Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations By sending lots of crypo-protected packets between lots of places Each packet goes through multiple hops

45 Lecture 16 Page 45 CS 136, Fall 2014 A Little More Detail A group of nodes agree to be onion routers Users obtain crypto keys for those nodes Plan is that many users send many packets through the onion routers –Concealing who’s really talking

46 Lecture 16 Page 46 CS 136, Fall 2014 Sending an Onion-Routed Packet Encrypt the packet using the destination’s key Wrap that with another packet to another router –Encrypted with that router’s key Iterate a bunch of times

47 Lecture 16 Page 47 CS 136, Fall 2014 In Diagram Form SourceDestination Onion routers

48 Lecture 16 Page 48 CS 136, Fall 2014 What’s Really in the Packet An unencrypted header to allow delivery to

49 Lecture 16 Page 49 CS 136, Fall 2014 Delivering the Message

50 Lecture 16 Page 50 CS 136, Fall 2014 What’s Been Achieved? Nobody improper read the message Nobody knows who sent the message –Except the receiver Nobody knows who received the message –Except the sender Assuming you got it all right

51 Lecture 16 Page 51 CS 136, Fall 2014 Issues for Onion Routing Proper use of keys Traffic analysis Overheads –Multiple hops –Multiple encryptions

52 Lecture 16 Page 52 CS 136, Fall 2014 Tor The most popular onion routing system Widely available on the Internet Using some of the original onion routing software –Significantly altered to handle various security problems Usable today, if you want to IETF is investigating standard for Tor

53 Lecture 16 Page 53 CS 136, Fall 2014 Why Hasn’t Tor Solved This Privacy Problem? First, the limitations of onion routing Plus usability issues –Tor’s as good as it gets, but isn’t that easy to use Can’t help if a national government disapproves –China and other nations have prohibited Tor’s use

54 Lecture 16 Page 54 CS 136, Fall 2014 Can’t I Surreptitiously Run Tor? Can’t I get around government restrictions by just not telling them? No –Tor routers must know each others’ identities –Traffic behavior of Tor routers “glows in the dark” –Tor developers keep trying

55 Lecture 16 Page 55 CS 136, Fall 2014 Privacy-Preserving Data Mining Allow users access to aggregate statistics But don’t allow them to deduce individual statistics How to stop that?

56 Lecture 16 Page 56 CS 136, Fall 2014 Approaches to Privacy for Data Mining Perturbation –Add noise to sensitive value Blocking –Don’t let aggregate query see sensitive value Sampling –Randomly sample only part of data

57 Lecture 16 Page 57 CS 136, Fall 2014 Preserving Location Privacy Can we prevent people from knowing where we are? Given that we carry mobile communications devices And that we might want location- specific services ourselves

58 Lecture 16 Page 58 CS 136, Fall 2014 Location-Tracking Services Services that get reports on our mobile device’s position –Probably sent from that device Often useful –But sometimes we don’t want them turned on So, turn them off then

59 Lecture 16 Page 59 CS 136, Fall 2014 But... What if we turn it off just before entering a “sensitive area”? And turn it back on right after we leave? Might someone deduce that we spent the time in that area? Very probably

60 Lecture 16 Page 60 CS 136, Fall 2014 Handling Location Inferencing Need to obscure that a user probably entered a particular area Can reduce update rate –Reducing certainty of travel Or bundle together areas –Increasing uncertainty of which was entered

61 Lecture 16 Page 61 CS 136, Fall 2014 So Can We Have Location Privacy? Not clear An intellectual race between those seeking to obscure things And those seeking to analyze them Other privacy technologies (like Tor) have the same characteristic

62 Lecture 16 Page 62 CS 136, Fall 2014 The NSA and Privacy 2013 revelations about NSA spying programs changed conversation on privacy The NSA is more heavily involved in surveillance than previously believed What are they doing and what does that mean for privacy?

63 Lecture 16 Page 63 CS 136, Fall 2014 Conclusion Privacy is a difficult problem in computer systems Good tools are lacking –Or are expensive/cumbersome Hard to get cooperation of others Probably an area where legal assistance is required

Download ppt "Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014."

Similar presentations

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
1 Securing Information Transmission by Redundancy Jun LiPeter ReiherGerald Popek Computer Science Department UCLA NISS Conference October 21, 1999.

1 Securing Information Transmission by Redundancy Jun LiPeter ReiherGerald Popek Computer Science Department UCLA NISS Conference October 21, 1999.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.
Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.

Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.
Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.

Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.
Staying Safe Online Keep your Information Secure.

Staying Safe Online Keep your Information Secure.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.

Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
Chloe Miles IMPROVING PRODUCTIVITY USING IT. Menu Using Word Advantages Disadvantages Conclusion E-Safety Social Media Dangers of Social Media Sites Staying.

Chloe Miles IMPROVING PRODUCTIVITY USING IT. Menu Using Word Advantages Disadvantages Conclusion E-Safety Social Media Dangers of Social Media Sites Staying.
1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.

1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.
Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,

Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Similar presentations

Ads by Google