Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Published byGavin Mason Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."— Presentation transcript:

1 Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

2 Lecture 17 Page 2 CS 236 Online Privacy Data privacy issues Network privacy issues Some privacy solutions

3 Lecture 17 Page 3 CS 236 Online What Is Privacy? The ability to keep certain information secret Usually one’s own information But also information that is “in your custody” Includes ongoing information about what you’re doing

4 Lecture 17 Page 4 CS 236 Online Privacy and Computers Much sensitive information currently kept on computers –Which are increasingly networked Often stored in large databases –Huge repositories of privacy time bombs We don’t know where our information is

5 Lecture 17 Page 5 CS 236 Online Privacy and Our Network Operations Lots of stuff goes on over the Internet –Banking and other commerce –Health care –Romance and sex –Family issues –Personal identity information We used to regard this stuff as private –Is it private any more?

6 Lecture 17 Page 6 CS 236 Online Threat to Computer Privacy Cleartext transmission of data Poor security allows remote users to access our data Sites we visit save information on us –Multiple sites can combine information Governmental snooping Location privacy Insider threats in various places

7 Lecture 17 Page 7 CS 236 Online Some Specific Privacy Problems Poorly secured databases that are remotely accessible –Or are stored on hackable computers Data mining by companies we interact with Eavesdropping on network communications by governments Insiders improperly accessing information Cell phone/mobile computer-based location tracking

8 Lecture 17 Page 8 CS 236 Online Do Users Care About Privacy? Evidence suggests yes, but... Not necessarily in the way researchers think –E.g., data suggests teenagers aren’t worried about privacy from hackers –They worry about privacy from their parents One must consider the actual privacy goals of users in protecting privacy

9 Lecture 17 Page 9 CS 236 Online Data Privacy Issues My data is stored somewhere –Can I control who can use it/see it? Can I even know who’s got it? How do I protect a set of private data? –While still allowing some use? Will data mining divulge data “through the back door”?

10 Lecture 17 Page 10 CS 236 Online Privacy of Personal Data Who owns data about you? What if it’s really personal data? –Social security number, DoB, your DNA record? What if it’s data someone gathered about you? –Your Google history or shopping records –Does it matter how they got it?

11 Lecture 17 Page 11 CS 236 Online Protecting Data Sets If my company has (legitimately) a bunch of personal data, What can I/should I do to protect it? –Given that I probably also need to use it? If I fail, how do I know that? –And what remedies do I have?

12 Lecture 17 Page 12 CS 236 Online Options for Protecting Data Careful system design Limited access to the database –Networked or otherwise Full logging and careful auditing Store only encrypted data –But what about when it must be used? –Key issues –Steganography

13 Lecture 17 Page 13 CS 236 Online Data Mining and Privacy Data mining allows users to extract models from databases –Based on aggregated information Often data mining allowed when direct extraction isn’t Unless handled carefully, attackers can use mining to deduce record values

14 Lecture 17 Page 14 CS 236 Online An Example of the Problem Netflix released a large database of user rankings of films –Anonymized, but each user had one random identity Clever researchers correlated the database with IMDB rankings –Which weren’t anonymized –Allowed them to match IMDB names to Netflix random identities

15 Lecture 17 Page 15 CS 236 Online Insider Threats and Privacy Often insiders need access to private data –Under some circumstances But they might abuse that access How can we determine when they misbehave? What can we do?

16 Lecture 17 Page 16 CS 236 Online Local Examples Over 120 UCLA medical center employees improperly viewed celebrities’ medical records –Between 2004-2006 Two accidental postings of private UCLA medical data in 2011 UCLA is far from the only offender

17 Lecture 17 Page 17 CS 236 Online Encryption and Privacy Properly encrypted data can only be read by those who have the key –In most cases –And assuming proper cryptography is hazardous So why isn’t keeping data encrypted the privacy solution?

18 Lecture 17 Page 18 CS 236 Online Problems With Data Encryption for Privacy Who’s got the key? How well have they protected the key? If I’m not storing my data, how sure am I that encryption was applied? How can the data be used when encrypted? –If I decrypt for use, what then?

19 Lecture 17 Page 19 CS 236 Online A Recent Case Yahoo lost 450,000 user IDs and passwords in July 2012 –The passwords weren’t encrypted –Much less salted Password file clearly wasn’t well protected, either Who else is storing your personal data unencrypted?

Download ppt "Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."

Similar presentations

Part I: Making Good Online Choices

Part I: Making Good Online Choices
Social Networking Brian Oswald

Social Networking Brian Oswald
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.

James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Internet Security Passwords.

Internet Security Passwords.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Chapter 11 Security and Privacy: Computers and the Internet.

Chapter 11 Security and Privacy: Computers and the Internet.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the mechanisms for maintaining data security Understand the.

Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the mechanisms for maintaining data security Understand the.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?

Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.

Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.

Similar presentations

Ads by Google