CS 665: Computer System Security - Privacy in the Networked Society, Study notes of Computer Science

Download CS 665: Computer System Security - Privacy in the Networked Society and more Study notes Computer Science in PDF only on Docsity! 1 CS 665: Computer System Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University Privacy in the Networked Society Fall 2004 2 Overview • Introduction • Technologies – Cookies: Snooping your Web browsing habits. – Media Center: Entertainment of the future. – File Swapping: Do you know what is shared? • Summary Fall 2004 3 Introduction • Definition of privacy “Freedom from unauthorized intrusion.” – Privacy concerns much broader than presented. • Public information and records. – “New neighbors move in across the street. You wonder how much they earn, how old he is, if they're married or just cohabiting. A few clicks on the county court's website and you're privy to the husband's Social Security number, details about his wife, and the fact that he had a financial spat with a local business.” » [Christian Science Monitor, Nov. 2004] – Most records available over the Internet. – Not the focus of this talk. 2 Fall 2004 4 Introduction (2) • What is this talk about? A technocrat’s view on privacy. – Potential technological vulnerabilities. • Limited to a few examples. • Who/What defends privacy? – Individuals: • The principle of informed consent. • What constitutes informed consent? – Laws. – Profits related to new technologies! Fall 2004 5 Introduction (3) • Expectations of privacy evolve over time. – “Globalization” has a long history. – Abuse of unique numerical personal identifiers. • SSN. – Cyberspace is impersonal. • Makes justification of identity theft more acceptable. • Trustable cyberspace. – Does not include human factors. – Most credit card fraud not committed on-line. Fall 2004 6 Overview • Introduction • Technologies – Cookies: Snooping your Web browsing habits. – Media Center: Entertainment of the future. – File Swapping: Do you know what is shared? • Biometrics – The ultimate threat or the ultimate protection? • Summary 5 Fall 2004 13 Media Center • The Evil Empire ☺: – “Bill Gates predicts a future for the entertainment industry in which traditional broadcast television is rendered irrelevant. It's a positive vision, however, because new and better business models made possible by technology are emerging.” [CNN, Oct. 2004] • The demise of today's concepts regarding channels and schedules. – Microsoft Windows XP Media Center Edition 2005 already exists. Fall 2004 14 Media Center Concept • Change how? – “The ideal for many content people would be that they just put their content on the Internet and then they have a direct relationship with the viewer.” • Issues – Willingness of studios to make content available. • Digital rights management is critical. – The next generation of physical media. – The model to allow for personalized, targeted advertising. • Send a high-def stream that's individual to every home. Fall 2004 15 File Swapping • Large logical (peer-to-peer) networks. – Support simple file sharing and file exchange. • Major violations of copyright laws. – Music, movies and software shared. • Privacy concern: – Do you really know what is going on on your machine? – Major networks require acceptance of overly broad licensing agreements. • Right to run ANY PROCESS on your computer. 6 Fall 2004 16 File Swapping (2) • Limitless potential for abuse. – No ability to protect your information on your own computer. • Once the burglar is in the house, there is little you can do. – Potential to create the most powerful supercomputers. • Potential abuse by organized crime and governments. Fall 2004 17 DES Encryption Security • Depends on the key length. – On Tuesday, January 19, 1999, distributed.Net, a worldwide coalition of computer enthusiasts, worked with EFF's DES cracker and a worldwide network of nearly 100,000 PCs on the internet, to win RSA data security's DES challenge III in a record-breaking 22 hours and 15 minutes. The team deciphered a secret message encrypted with the data encryption standard (DES) algorithm using commonly available technology. From the floor of the RSA data security conference & expo, a major data security and cryptography conference being held in san Jose, Calif., EFF's DES cracker and the distributed.Net computers were testing 245 billion keys per second when the key was found. – This is a cheap solution, demonstrating how security estimates can be based on flawed assumptions. Fall 2004 18 Privacy protection principles • As engineers, be cognizant of the systems you build. – Information will flow across system boundaries in unanticipated ways. • No hidden databases! – Complete subject awareness of information usage. – Clear goals, no function creep. • Anticipate errors and provide correction mechanisms. – Once on a “watch list”, how does one get off? 7 Fall 2004 19 Summary • The landscape of privacy: – Anonymity, confidentiality, integrity. – Notice, informed consent, and trusted security. • Technology defines policy! – But, technologists must be cognizant of social/legal norms and expectations. – Consumer fear and acceptance. – Negotiating Privacy, Politics, and Law Fall 2004 20 Summary (2) • Public education and awareness. – There is no technological knowledge in the society without excellent education and outreach. • Strong commercial and public interest. – No society can turn its back to technology. • Forget about Orwell. – What about Gates? Fall 2004 21 Thank You