Privacy Management for Portable Recording Devices
J. Alex Halderman, Brent Waters, Edward W. Felten
Princeton University, Department of Computer Science
J. A. Halderman 1 of 10

Camera Phones
• 170 million in 2004
• Ubiquitous Recording = New Privacy Threats

New Privacy Threats
• A Breakdown of Social Norms
• Augment them, don’t replace them

Previous Approaches
• Law/Policy: Usage Restrictions, Local Bans
• Technology: Signal from beacon disables recording features
Coarse-Grained Restrictions
• Based on location, not full context
• Decide before recording, not playback

Our Approach
• Privacy protection built into trusted recording devices
• Recording subjects control use
• Negotiate using their devices (assume discovery method)
• Defers privacy decision to last possible moment
• Encrypt recording before storing
• Key share retained by privacy stakeholders
• Must ask permission to decrypt

Our Privacy Requirements
1. Unanimous Consent
2. Confidentiality of Vetoes
[Figure label: Colluder]

Our Applications
Laptops/WiFi
• Protects audio recordings
• Manual discovery
AOL Instant Messenger
• Protects chat logs
• Discovery handled by AIM

Secure XOR
Alice and Bob tell Carol $k_{Alice} \oplus k_{Bob}$ without revealing other information about $k_{Alice}$ or $k_{Bob}$ to anyone
Variation on Chaum’s “Dining Cryptographers”
[Figure: Alice (secret $k_{Alice}$), Bob (secret $k_{Bob}$), Carol]
• A & B choose and exchange random blinding factors ($B_{Alice}$, $B_{Bob}$)
• A & B each XOR both blinding factors with their secret input and send the result to Carol
• Carol XORs these messages to learn $k_{Alice} \oplus k_{Bob}$
Alice sends: $k_{Alice} \oplus B_{Bob} \oplus B_{Alice}$
Bob sends: $B_{Bob} \oplus B_{Alice} \oplus k_{Bob}$
Carol computes: $(k_{Alice} \oplus B_{Bob} \oplus B_{Alice}) \oplus (B_{Bob} \oplus B_{Alice} \oplus k_{Bob}) = k_{Alice} \oplus k_{Bob}$
Carol does not learn $k_{Alice}$ or $k_{Bob}$

Private Storage Protocol: “Create” Operation
• Identify stakeholders (need a trusted recording device for now)
• Choose random keyshares: $k_1 = 0110100$, $k_2 = 1011101$
• Securely tell recorder $k_1 \oplus k_2$ (Secure XOR): $k_1 \oplus k_2 = 1101001$
• Encrypt using $k_1 \oplus k_2$ as key: key=1101001
• Recorder discards plaintext, key
• Stakeholders hold on to shares
[Figure label: id=2100624 owners=Alice,Bob kAlice=0110100]

Private Storage Protocol: “Decrypt” Operation
[Figure labels: id=2100624 owners=Bob,Alice kBob=1011101; id=2100624 owners=Alice,Bob]
• Requestor sends request: “May we decrypt <2100624>?”
• Cryptography provides strong protection
• Stakeholders apply policies
• To grant, input keyshare into XOR (Secure XOR): key=1101001 ?
• To deny, give random input to XOR: 1110001, key=1000101 ?
• Vetoes remain confidential
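
The Secure XOR exchange and the “Create” and “Decrypt” operations above, as an added Python sketch that is not the authors' code. The function names, the 16-byte share length, and the SHA-256 keystream with HMAC tag (a stand-in for a real authenticated cipher) are assumptions, and all parties run in one process here instead of on separate devices over confidential channels.

```python
import hashlib, hmac, secrets

SHARE_LEN = 16  # assumed share size; the slides use 7-bit toy values

def xor(*parts: bytes) -> bytes:
    out = bytes(len(parts[0]))
    for p in parts:
        out = bytes(a ^ b for a, b in zip(out, p))
    return out

def secure_xor(in_alice: bytes, in_bob: bytes) -> bytes:
    """Return what Carol computes; she only ever sees the blinded messages."""
    b_alice = secrets.token_bytes(len(in_alice))  # Alice's blinding factor
    b_bob = secrets.token_bytes(len(in_bob))      # Bob's blinding factor
    msg_alice = xor(in_alice, b_alice, b_bob)     # sent by Alice to Carol
    msg_bob = xor(in_bob, b_alice, b_bob)         # sent by Bob to Carol
    return xor(msg_alice, msg_bob)                # blinding factors cancel

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, not a vetted AEAD.
    blocks = (hashlib.sha256(b"enc" + key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = xor(plaintext, keystream(key, len(plaintext)))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong key (a veto) or tampering; the vetoer is not revealed
    return xor(ct, keystream(key, len(ct)))

def create(recording: bytes):
    """Recorder side: learn k_alice ^ k_bob via Secure XOR, encrypt, forget key."""
    k_alice = secrets.token_bytes(SHARE_LEN)  # kept by Alice's agent
    k_bob = secrets.token_bytes(SHARE_LEN)    # kept by Bob's agent
    blob = seal(secure_xor(k_alice, k_bob), recording)
    return blob, k_alice, k_bob  # recorder stores only blob

def decrypt(blob, k_alice, k_bob, alice_grants: bool, bob_grants: bool):
    """Player side: a grant inputs the real share, a veto inputs random bits."""
    in_alice = k_alice if alice_grants else secrets.token_bytes(SHARE_LEN)
    in_bob = k_bob if bob_grants else secrets.token_bytes(SHARE_LEN)
    return unseal(secure_xor(in_alice, in_bob), blob)
```

A veto from either stakeholder produces the same outcome for the player (a key that fails the tag check), which is how unanimous consent and confidentiality of vetoes are both met in this sketch.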

Private Storage Protocol
[Architecture diagram; labels: “Create”, “Decrypt”, Location Service, Storage, Recorder A, Recorder B, Data In, Data Out, Persistent Agent A, Persistent Agent B, Agent A, Agent B, Player, Keyshare, Policy, Encrypted Recording]

Privacy in Practice
A Problem of Compliance
• Community of like-minded people: social pressures, local policies, etc.
• Privacy law can provide further incentives
• Convince manufacturers to build it in: regulatory pressure, customer demand

Conclusions
• Ubiquitous recording brings privacy threats
• Technology can give control back to recording subjects
• Widespread compliance among like-minded groups