Privacy

Morals and Policy issues in Computing, Carnegie Mellon University, Spring 2008
Slide 1

Privacy – Personalization, RFIDs, Surveillance, and Encryption
Week 6 - February 19, 21

Slide 2

Privacy dangers from personalization

Slide 3

Unsolicited marketing
- Desire to avoid unwanted marketing causes some people to avoid giving out personal information

Slide 4

My computer can "figure things out about me"
- The little people inside my computer might know it's me…
- … and they might tell their friends

Slide 5

Inaccurate inferences
- "My TiVo thinks I'm gay!"

Slide 6

Surprisingly accurate inferences
- Everyone wants to be understood. No one wants to be known.

Slide 7

You thought that on the Internet nobody knew you were a dog…
… but then you started getting personalized ads for your favorite brand of dog food

Slide 8

Price discrimination
- Concerns about being charged higher prices
- Concerns about being treated differently

Slide 9

Revealing private information to other users of a computer
- Revealing info to family members or co-workers
  - Gift recipient learns about gifts in advance
  - Co-workers learn about a medical condition
- Revealing secrets that can unlock many accounts
  - Passwords, answers to secret questions, etc.

Slide 10

Exposing secrets to criminals
- Stalkers, identity thieves, etc.
- People who break into an account may be able to access profile info
- People may be able to probe recommender systems to learn profile information associated with other users

Slide 11

Subpoenas
- Records are often subpoenaed in patent disputes, child custody cases, civil litigation, criminal cases

Slide 12

Privacy-invasive technologies
- Location tracking (mobile phones, GPS devices that phone home, etc.)
- RFID
- Transit cards
- Computer software that phones home
- Devices that phone home
- Video cameras (hidden cameras, PDAs)
- Personalized ecommerce sites
- Automobile data recorders
- Face recognition

Slide 13

The Global Positioning System (GPS)
- Radio-navigation system operated by US DoD
- Comprised of 24 satellites and 5 ground stations
- Uses satellites to triangulate and calculate 3D position from 4 satellite signals
- Receivers listen for radio beacons and triangulate their position
- Typical accuracy in meters, cm accuracy possible
- DoD intentionally degraded accuracy until May 2000
- One-way system
  - Use other system to report location back
- Does not work indoors

Slide 14

Radio-frequency identification (RFID)
- Tags
  - Antenna bonded to small silicon chip encapsulated in glass or plastic (as small as a grain of rice)
  - Unpowered (passive) tags and powered (active) tags
- Readers
  - Broadcast energy to tags, causing tags to broadcast data
  - Energy from readers can also power onboard sensors or cause tag to write new data to memory
  - Read ranges currently a few centimeters up to a few meters
Source: Sixwise

Slide 15

Current and near-term uses of RFID
- Automobile immobilizers
- Animal tracking
- Building proximity cards
- Payment systems
- Automatic toll collection
- Inventory management (mostly at pallet level)
- Prevent drug counterfeiting
- Passports

Slide 16

Electronic Product Code
- Standard managed by EPCglobal
- Relatively small tags
  - Inexpensive
  - No encryption, limited security
  - Kill feature
  - Password feature
- Designed to replace UPC bar codes
- 96-bit+ serial number
- Object Name Service (ONS) database operated by EPCglobal
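What "no encryption" means for a 96-bit EPC, as an added example that is not part of the original slides: the decoder below splits a tag value into the fields any reader within range receives in the clear. It assumes the SGTIN-96 layout from the GS1 EPC Tag Data Standard, which the slide does not name; the function names and the two sample tag values are constructed for illustration.

```python
# SGTIN-96 partition table from the GS1 EPC Tag Data Standard (an assumption
# beyond the slide): partition -> (item-reference bits, prefix digits, item digits).
PARTITIONS = {0: (4, 12, 1), 1: (7, 11, 2), 2: (10, 10, 3), 3: (14, 9, 4),
              4: (17, 8, 5), 5: (20, 7, 6), 6: (24, 6, 7)}
SGTIN96_HEADER = 0x30


def decode_sgtin96(epc_hex):
    """Split a 96-bit EPC (24 hex digits) into the fields any reader can see."""
    raw = bytes.fromhex(epc_hex)
    if len(raw) != 12:
        raise ValueError("SGTIN-96 is exactly 96 bits (24 hex digits)")
    value = int.from_bytes(raw, "big")
    if value >> 88 != SGTIN96_HEADER:
        raise ValueError("header is not 0x30, so this is not an SGTIN-96 tag")
    partition = (value >> 82) & 0x7
    if partition not in PARTITIONS:
        raise ValueError("reserved partition value 7")
    item_bits, prefix_digits, item_digits = PARTITIONS[partition]
    body = (value >> 38) & ((1 << 44) - 1)  # company prefix + item reference
    return {
        "filter": (value >> 85) & 0x7,            # packaging level
        "company_prefix": str(body >> item_bits).zfill(prefix_digits),
        "item_reference": str(body & ((1 << item_bits) - 1)).zfill(item_digits),
        "serial": value & ((1 << 38) - 1),        # unique per physical item
    }


def same_product(epc_a, epc_b):
    """True when two tags carry the same manufacturer and product type."""
    a, b = decode_sgtin96(epc_a), decode_sgtin96(epc_b)
    return (a["company_prefix"], a["item_reference"]) == (
        b["company_prefix"], b["item_reference"])


# Constructed sample tags: same product, different serial numbers.
TAG_1 = "3074257BF7194E4000001A85"
TAG_2 = "3074257BF7194E4000001A86"

if __name__ == "__main__":
    for tag in (TAG_1, TAG_2):
        print(tag, decode_sgtin96(tag))
    print("same product:", same_product(TAG_1, TAG_2))
```

The manufacturer and product fields identify what is being carried, and the per-item serial allows the same physical object to be recognized again at a later read.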

Slide 17

Post-sale uses
- Read product labels to blind people
- Sort packaging for recycling
- Provide laundry instructions to washer, dryer, dry cleaner
- Allow smart refrigerator to automatically generate shopping lists and warn about expired items and recalls
- Allow smart closet to suggest outfits
- Simplify product returns

Slide 18

Privacy concerns with EPCs?
- What are the security risks?
- What are possible solutions?
- What are the limitations of these solutions?

Slide 19

Building proximity cards
- Used for access control to buildings
- Many prox cards have no security features
  - Easily clonable, even remotely
  - Can be read through someone's pocket or from longer distances while card is being read by legitimate reader
- Solutions involve adding crypto to cards

Slide 20

RFID payment systems
- Gas station keyfobs
- Coming soon to the actual credit cards in your wallet
  - Chase "Flicker" card
  - Can be read from about 20 cm
- Integrated into watches and PDAs
- Main advantage is to save time
  - Don't need to swipe
  - Don't need signature
- Crypto used to prevent cloning, but JHU researchers demonstrated how to break SpeedPass

Slide 21

Engineering privacy
- Privacy by policy
- Privacy by design

Slide 23

Black Boxes
- Where are these found?
- Question becomes who has control and access to the information?
- What privacy uses can you foresee?

Slide 24

Research and Communication Skills
Organizing a research paper
- Decide up front what the point of your paper is and stay focused as you write
- Once you have decided on the main point, pick a title
- Start with an outline
- Use multiple levels of headings (usually 2 or 3)
- Don't ramble!

Slide 25

Research and Communication Skills
Typical paper organization
- Abstract
  - Short summary of paper
- Introduction
  - Motivation (why this work is interesting/important, not your personal motivation)
- Background and related work
  - Sometimes part of introduction, sometimes two sections
- Methods
  - What you did
  - In a systems paper you may have system design and evaluation sections instead
- Results
  - What you found
- Discussion
  - Also called Conclusion or Conclusions
  - May include conclusions, future work, discussion of implications, etc.
- References
- Appendix
  - Stuff not essential to understanding the paper, but useful, especially to those trying to replicate your results - data tables, proofs, survey forms, etc.
- These sections may be different in your papers

Slide 26

Research and Communication Skills
Road map
- Papers longer than a few pages should have a "road map" so readers know where you are going
- Road map usually comes at the end of the introduction
- Tell them what you are going to say in the road map, say it, (then tell them what you said in the conclusions)
- Examples
  - In the next section I introduce X and discuss related work. In Section 3 I describe my research methodology. In Section 4 I present results. In Section 5 I present conclusions and possible directions for future work.
  - Waldman et al, 2001: "This article shows a design for strong Web distributed frameworks. We portray nine configuration objectives for such frameworks, audit a few existing frameworks, and investigate Publius, a framework that meets these outline objectives."

Slide 27

Research and Communication Skills
Use topic sentences
- (Almost) every paragraph should have a topic sentence
  - Usually the first sentence
  - Sometimes the last sentence
  - Topic sentence gives the main point of the paragraph
- First paragraph of each section and subsection should give the main point of that section
- Examples from Waldman et al, 2001
  - In this segment we endeavor to digest the specific execution points of interest and depict the hidden segments and design of a control safe framework.
  - Mysterious distributions have been utilized to realize change all through history.

Slide 28

Research and Communication Skills
Avoid unsubstantiated claims
- Provide evidence for every claim you make
  - Related work
  - Results of your own experiments
- Conclusions should not come as a surprise
  - Analysis of related work, experimental results, etc. should support your conclusions
  - Conclusions should summarize, highlight, show relationships, raise questions for future work
  - Don't introduce new ideas in discussion or conclusion section (other than ideas for related work)
  - Don't reach conclusions not supported by the rest of your paper

Slide 29

Wiretaps, encryption, and government surveillance

Slide 30

Surveillance systems you should know about
- Clipper
- Echelon
- CAPS II
- TIA
- Carnivore
- CALEA
- MATRIX

Slide 31

Government surveillance
- Governments increasingly looking for personal records to mine in the name of fighting terrorism
- People may be subject to investigation even if they have done nothing wrong

Slide 32

Risks may be magnified in future
- Wireless location tracking
- Semantic web applications
- Ubiquitous computing

Slide 33

Encryption has several aspects that are important
- Stakeholders
  - More than just the endpoints, often
- Mechanisms
  - Symmetric/Asymmetric
  - Key management systems
- Usability
- Impacts/implications

Slide 34

How Encryption Works (simplified)
- There are 2 types of encryption
  - Symmetric
  - Asymmetric

Slide 35

Cryptography Basics
- Encryption algorithm used to make content unreadable by all but the intended recipients
  - E(plaintext, key) = ciphertext
  - D(ciphertext, key) = plaintext
- Symmetric (shared) key cryptography
  - A single key is used for E and D
  - D(E(p, k1), k1) = p
- Management of keys determines who has access to content
  - E.g., password encrypted email

Slide 36

Public Key Cryptography
- Each key pair consists of a public and private component: k+ (public key), k- (private key)
  - D(E(p, k+), k-) = p
  - D(E(p, k-), k+) = p
- Public keys are distributed (typically) through public key certificates
  - Anyone can communicate secretly with you if they have your certificate
  - E.g., SSL-based web commerce

Slide 37

Public Key Cryptography (figure: public domain images)

Slide 38

Public Key Encryption
- Public/private key combinations can also be used for signing documents
  - Proof of originator
  - Non-repudiation
- Signing involves using the private key to create the modified message, which anyone can read (is NOT secret), but the public key will verify the originator
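The two identities from the Public Key Cryptography slide and the signing step from this one, as an added example that is not part of the original slides. It uses textbook RSA with no padding and a constructed toy key pair, so it shows the algebra only; every name in it is hypothetical.

```python
import hashlib

# Constructed toy key pair: two small Mersenne primes, far too short for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E_EXP = 65537
D_EXP = pow(E_EXP, -1, (P - 1) * (Q - 1))   # modular inverse (Python 3.8+)
K_PUBLIC = (E_EXP, N)    # k+ on the slide
K_PRIVATE = (D_EXP, N)   # k- on the slide


def apply_key(value, key):
    """Textbook RSA: E and D are the same modular exponentiation."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, modulus)


def to_int(data):
    return int.from_bytes(data, "big")


def to_bytes(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def digest(message):
    """SHA-256 of the message, reduced to fit under the toy modulus."""
    return to_int(hashlib.sha256(message).digest()) % N


def sign(message, private_key):
    """Signature = digest transformed with k-; the message itself stays readable."""
    return apply_key(digest(message), private_key)


def verify(message, signature, public_key):
    """Anyone holding k+ can check that the holder of k- signed this message."""
    return apply_key(signature, public_key) == digest(message)


if __name__ == "__main__":
    p = to_int(b"meet at 6")
    print(to_bytes(apply_key(apply_key(p, K_PUBLIC), K_PRIVATE)))  # D(E(p,k+),k-)
    print(to_bytes(apply_key(apply_key(p, K_PRIVATE), K_PUBLIC)))  # D(E(p,k-),k+)
    sig = sign(b"pay Bob $10", K_PRIVATE)
    print(verify(b"pay Bob $10", sig, K_PUBLIC), verify(b"pay Bob $99", sig, K_PUBLIC))
```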

Slide 39

Signing (figure: public domain images)

Slide 40

Problems with Encryption
- Usability
  - Software needed
  - Complicated
- Key management
  - Certificate authorities
  - PKI (public key infrastructure)
  - What happens when you lose a key?????
- False sense of security
- Policy and regulatory issues
- "What have you got to hide?"