Using so as to convey PETs to the Standard Assessment.


105 views
Uploaded on:
Category: Animals / Pets
Description
Using so as to convey PETs to the Standard Assessment. Ken Anderson Partner Security Official Data and Protection Chief/Ontario Ken.Anderson@ipc.on.ca. Motivation. Patterns in expansive scale electronic frameworks Protection Characterized Security Upgrading Innovations (PETs)
Transcripts
Slide 1

Using so as to convey PETs to the Mainstream Evaluation Ken Anderson Assistant Privacy Commissioner Information & Privacy Commissioner/Ontario Ken.Anderson@ipc.on.ca

Slide 2

Agenda Trends in extensive scale electronic frameworks Privacy Defined Privacy Enhancing Technologies (PETs) Privacy Enhancing Technologies Testing and Evaluation Project (PETTEP) Common Criteria PETTEP advancements

Slide 3

Trends In Large Scale Electronic Systems

Slide 4

Trends in Large Scale Electronic Systems Governments around the globe are progressively moving to savvy cards and PKI to give better recognizable proof and extra administrations to people in general (e.g. UK Chip and PIN Program, Canada E-Pass)) Enhance ID procedure Prevent forging and ensure against Identity Theft Integrate distinctive types of IDs utilized for a few purposes into one (Italy’s national id joins biometric, driver’s permit, official id and wellbeing card) Improve and include new administrations Movement from “interacting” in-individual to on-line Combine with 3 rd gathering administrations (e.g. Hong Kong Octopus Card, consolidates, toll transport card and computerized trade out a few outlets)

Slide 5

More Trends in Large Scale Electronic Systems Services fused on National/Enterprise Scale (for instance): Government-to-Citizen Identification Documents (Italian national ID cards) Voting Taxes Online (Canada Customs and Revenue Agency) Personal structures and reports On-line access to taxpayer supported organizations and data (Hong Kong Electronic Service Delivery) Digital legal official (PKI) Government-to-Business Taxes Business structures and archives On-line access to taxpayer driven organizations and data Digital legal official (PKI)

Slide 6

Privacy Defined

Slide 7

Privacy Defined Personal control over the gathering, utilization and exposure of any recorded data around an identifiable individual An association\'s obligation regarding information assurance and defending individual data in its care or control

Slide 8

Privacy Concerns are increasing Concern that data is gathered, utilized, uncovered and secured appropriately Compliance with enactment

Slide 9

How the Public Divides on Privacy

Slide 10

Privacy Enhancing Technologies

Slide 11

Privacy Enhancing Technologies PETs have been characterized as “ an intelligent arrangement of Information and Communications Technology measures that ensure protection by preventing so as to take out or lessening individual information or superfluous and/or undesired preparing of individual information; all without losing the information\'s usefulness framework “ - Dr. John Borking

Slide 12

Privacy Enhancing Technologies A Partial List of Types of PETs Anonymizers/Pseudonymizers Limited Show Blind Signatures Biometric Encryption Secret Sharing Privacy Preserving Data Mining Unlinkable databases Unobservable information administration

Slide 13

The Concern. Should have the capacity to trust PETs keeping in mind the end goal to Deploy Are boundaries to… Different Testing plans No characterized criteria PETs Proliferation No universal coordination Need to assess PETs under a typical standard perceived globally

Slide 14

Privacy Enhancing Technologies Testing and Evaluation Project (PETTEP)

Slide 15

PETTEP March 2001: Ontario IPC shaped a worldwide group to tackle the test of creating testing criteria for PET’s Privacy Enhancing Technologies Testing and Evaluation Project (PETTEP) Members included Privacy and CC specialists from government, industry and lawful US Department of Defense IBM Microsoft Data Protection/Privacy Commissions.

Slide 16

PETTEP Goals: Short Term to Long Term Develop Testing Criteria for Labs Implement Pilot Testing Foster PET Technology Development Advocate Technology Implementation Design Privacy Protections into Technology Standards

Slide 17

Enter the Common Criteria The Common Criteria (CC) speaks to the result of a progression of endeavors to create criteria for assessment of IT security that are extensively helpful inside of the global group. http://www.commoncriteria.org/

Slide 18

PETTEP Consider constructing assessment of PETs in light of the CC Internationally acknowledged criteria for ITS items National assessment conspires as of now exist to give oversight, lab accreditation and assessment approach Although proposed for security - Privacy components effectively included “Security Functionality Requirements” may be mapped to the Privacy\'s components Fair Information Practices

Slide 19

Why the Common Criteria as Foundation? The Common Criteria had a spot holder effectively produced for security innovations that managed perceptibility, linkability, traceability and obscurity. The Communications & Security Establishment (CSE), US National Security Agency’s Canadian comparable, joined the venture and subsidized two starting contracts to analyze components of this venture The Common Criteria plan was both embraced by a developing number of national governments and shaped an International Standards Organization (ISO) standard. Free testing labs around the globe are certify Common Criteria certifiers.

Slide 20

Using the Protection Profile Model in the Common Criteria Protection Profile (a standard instrument of the Common Criteria) An announcement of client need A framework outline report A reliable string from ‘what’ to ‘how’ Based on reasonable data practices Provides abnormal state rules Implementation autonomous Protection profile is a settled upon methodology inside PETTEP to address assessment of security usefulness.

Slide 21

PETTEP Approach Map Fair Information Practices to CC where conceivable Determine how to approach assessment of PETs – in light of innovation gathering, numerous Protects, single Protection Profiles, bundle? Addition comprehension and accord inside PETTEP participation on route ahead Work inside PETTEP to make reality soon

Slide 22

PETTEP first Workshop Sept 11 2001 – Kiel, Germany Initial meeting endless supply of Common Criteria (CC) Reviewed & talked about Straw Man Privacy Protection Profile created by DOMUS IT Security Lab.

Slide 23

PETTEP: The second Workshop April 2002: San Francisco Undertook investigation of Electronic Warfare Associates-Canada Limited methodology which proposed another arrangement of useful necessities straightforwardly identified with Privacy that should have been be acquainted with the Common Criteria

Slide 24

PETTEP - The 3 rd Workshop - Dresden March 2003: Dresden Germany Fair Information Practices separated into 4 classes – taking into consideration the advancement of 4 Protection Profiles US Department of Defense specialists displayed the first Protection Profile – Privacy Security Draft Protection Profile surveyed and by and large acknowledged by Participants

Slide 25

PETTEP – Privacy PP Development Security Accuracy Collection Accountability Includes: Security and Safeguards Openness Includes: Data Accuracy Includes: Consent Identifying reason Limit use/exposure Limit gathering Includes: Accountability Challenging consistence Individual access

Slide 26

PETTEP - The 4 th Workshop - Kiel Analysis of CC for re-usable components for Privacy Final audit of Privacy Security PP created by DoD Planned DoD CC assessment of brilliant card utilizing Privacy Protection Profiles Review of proposed Data Protection Commission Privacy Seals as interval stride in PETTEP Examination of issues and path ahead

Slide 27

Challenges remaining How to utilize the current usefulness of the CC in production of Privacy Protection Profiles (PP’s) (mapping of FIPS) – OR – are extra protection capacities needed? Advancement of alternate PP’s Evaluation of the assigned PET items to the PP (evidence of idea) The need to assess more PET items (by means of PP or Security Targets) How to urge sellers to have PET items assessed Gaining acknowledgment of the PETTEP approach by the International Common Criteria Time!and Money!!

Slide 28

Summary and Closing Thoughts Next Steps for next year and a half: Continue PETTEP workshops to survey work by accomplices Test innovations utilizing Privacy Protection Profiles Refine Privacy part of Common Criteria Present to International CC body to acknowledge Privacy augmentations to the Common Criteria

Slide 29

Thank You Ken Anderson Assistant Privacy Commissioner Information & Privacy

Recommended
View more...