Big Data and Privacy
Social Networking Services and User Data Protection
UNIVERSITY OF MARYLAND, UNIVERSITY COLLEGE
SHUANGBAO (PAUL) WANG
PROFESSOR
PROGRAM DIRECTOR FOR CYBERSECURITY
CENTER FOR SECURITY STUDIES
Question:
How many Fortune 500 Companies had data breaches last year?
Answer: 500
Solutions to Privacy?
• Industry -- Yes
• Academia -- Maybe not
• Government -- Yes, but putting backdoors
• Trying to find solutions.
• Why? -- Defend? -- Prevent?
Twitter Company Statistics Data (7/11/14)
• Total number of active registered Twitter users: 645,750,000
• Number of new Twitter users signing up every day: 135,000
• Number of unique Twitter site visitors every month: 190 million
• Average number of tweets per day: 58 million
• Number of Twitter search engine queries every day: 2.1 billion
40 TB/year == 8500 DVD
Social Services Big Data
Public Account
Individual Account
Developers
• Company: 88.9%
• Team: 10%
• Individual: 1.1%
Industries
• .net companies: 23.64%
• software developers: 43.31%
• .net services: 31.79%
• others: 1.46%
Education
Data Breaches
• Card System, 2005, $40M
• TJX, 2007, $90M
• Heartland, 2009, $130M
• Sony, 2011, $100M
• Target, 2013, $70M
• Home Depot, 2014, $56M
It took ten years to reduce the time to identify a data breach from a week to days.
GMU 1
• Jan. 2005
• 32,000
• A week to identify
GMU 2
• July 16, 2014
• 4,400 faculty
College Park 1
• Tue. Jan. 18, 2014
• 309,079
• Hackers made a copy of DB data
College Park 2
• One month later
• 36 hours to identify
How much time is needed to steal 300k data records? < 1 ms
Solutions?
Algorithms - Traditional
• Cisco
• Google map
• Dijkstra, core: 10 lines? 10k lines? 10 million?
Algorithms - future
• N Dimensions/Domains
HSPM Algorithm - Threat Analysis
INPUT:
• Some 200 parameters, DB scheme, encryption
• Vulnerability Assessment Report
• Hardware configurations
• Policies in place and Implementation
• Each is assigned a weight
OUTPUT:
• Threat factor - tf: [0 - 1.00]
• Recommendations and Guide
Security = Hardware + Software + Policy + Management
- Wang, 2006
HSPM - Experiments
• Traveler Enterprise
– 20 million business
– 1st round
  • Before: tf = 0.71, blue hat: steal all data
  • After: tf = 0.38, blue hat: steal no data
– 2nd round
  • tf reduces to 0.18
  • Merged by a big company
Free vs. not Free
Suppose you have a full-time job. Suppose there is an email service that charges $40 a year but does not collect your data.
Question:
Are you willing to switch to this email service, or would you rather stay with the current free email services by sacrificing your privacy?
91% -- Yes
79% -- Yes
After HSPM & training
Log in with strong password over SSL
Is it secure? -- Yes: 98%
Protect Privacy?
• Our privacy is in the hands of others
• What can we do to defend our privacy ourselves?
– Policies
– Technologies
– How to “hide” yourself in this cyber insecurity world?