VIEWPOINT OF PRIVACY
Slides from Prof. Johann-Christoph Freytag (Humboldt University, Berlin)
Outline
Privacy
Privacy and context
Privacy and mobility
Privacy and context combined with privacy and mobility
RFID
B-O-333
PRECIOSA kick off meeting
Paris, 11.04.2008
HU Berlin: Prof. Johann-Christoph Freytag, Dipl.-Inf. Martin Kost
Privacy
Is it always obvious?
Sweeney (http://lab.privacy.cs.cmu.edu/people/sweeney/) paid $20 and bought the voter registration list for Cambridge, MA, and linked it via the shared attribute date of birth to the released medical records GIC(zip, dob, sex, diagnosis, procedure, ...).
Data Security =
Confidentiality + Integrity
(+ Availability)
Distinct from system and network security
Privacy
What is Privacy?
Definition 1 [Sween’02]:
“Privacy reflects the ability of a person, organization, government, or entity to control its own space, where the concept of space (or “privacy space”) takes on different contexts.”
• Physical space, against invasion
• Bodily space, medical consent
• Computer space, spam
• Web browsing space, Internet privacy

Definition 2 [Agrawal’03]:
“Privacy is the right of individuals to determine for themselves when, how, and to what extent information about them is communicated to others.”
(We shall call this data/information privacy)
Privacy
Anonymity and unobservability
Whom to protect?
• sender
• message (content of message)
• access
Basic approach:
• Dummy traffic
• Proxies
• DC-Networks
• … more
Privacy
Maintaining data privacy for accessing databases
[Sween’02]
k-anonymity & its properties, introduced by Sweeney

Patient-DB (anonymized; * = suppressed quasi-identifier value, last column = Sensitive attribute):
   *   Caucas     *   Arthritis
   *   Caucas     *   Cold
  27   Afr-Amer   *   Flu
  27   Afr-Amer   *   Arthritis

Problem to solve:
User/Client: no one should know the contents of the query nor the result (not even the server).

Observation: encrypting the query between client and server might not be sufficient (an adversary might access the decrypted query if he can get “inside” the database system and if he can observe disk access).

Naïve solution: client downloads the entire DB & executes queries locally – unrealistic solution (size & ownership of data).
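A worked version of the Sweeney linkage and the k-anonymity check from the slides above, added here and not part of Prof. Freytag's deck: it computes the k of a release over its quasi-identifiers, shows how k=1 rows are re-identified by joining with a public list, and re-checks after suppressing a column. All data values, column names and function names are constructed for this example.

```python
from collections import Counter, defaultdict

# Constructed sample data, not from the slides' sources: a released medical
# table GIC(zip, dob, sex, diagnosis) and a public voter list
# (name, zip, dob, sex), following Sweeney's Cambridge, MA linkage example.
GIC = [
    ("02138", "1945-07-31", "F", "Arthritis"),
    ("02138", "1952-03-09", "F", "Cold"),
    ("02139", "1981-02-14", "M", "Flu"),
    ("02139", "1979-11-30", "M", "Arthritis"),
]
VOTERS = [
    ("A. Smith", "02138", "1945-07-31", "F"),
    ("B. Jones", "02138", "1952-03-09", "F"),
    ("C. Brown", "02139", "1981-02-14", "M"),
    ("D. Green", "02139", "1979-11-30", "M"),
]
QI = (0, 1, 2)  # quasi-identifier columns of GIC: zip, dob, sex


def k_anonymity(rows, qi=QI):
    """k of a release: size of the smallest group of rows sharing the same QI values."""
    groups = Counter(tuple(r[i] for i in qi) for r in rows)
    return min(groups.values()) if groups else 0


def reidentifiable(release, public, qi=QI):
    """Map name -> sensitive value for every release row whose QI values match
    exactly one person in the public list (the Sweeney linkage)."""
    by_key = defaultdict(list)
    for name, *key in public:
        by_key[tuple(key)].append(name)
    hits = {}
    for row in release:
        names = by_key.get(tuple(row[i] for i in qi), [])
        if len(names) == 1:            # unique match => re-identified
            hits[names[0]] = row[-1]
    return hits


def suppress(rows, columns):
    """Replace the given QI columns by '*', the generalization step shown on the slide."""
    return [tuple("*" if i in columns else v for i, v in enumerate(r)) for r in rows]


if __name__ == "__main__":
    print("k of raw release:", k_anonymity(GIC))                          # 1
    print("re-identified:", len(reidentifiable(GIC, VOTERS)))             # 4
    anon = suppress(GIC, {1})                                             # suppress dob
    print("k after suppressing dob:", k_anonymity(anon))                  # 2
    print("re-identified after suppression:", reidentifiable(anon, VOTERS))  # {}
```

The release is only safe against this particular join; a k of 2 still lets the adversary narrow a person to two diagnoses, which is why the slides go on to context and probabilistic privacy.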
Privacy
Accessing databases privately (Access privacy)
[Figure: the client's query is answered through an IBM 4758 Secure Coprocessor (SC) placed in front of the original database; numbered steps 1–7 include “Encrypted (Return record x)”; a chart plots the access frequency of records 1–10 for a query (values around 0.2–0.25).]
Privacy and context
Use of background knowledge for linkage attacks: combinatorics, machine learning (e.g. Cancer: Breast cancer, Lung cancer)
Preventing
• contexts to be identified
• contexts to be combined with individuals
Apply methods of anonymization and probabilistic privacy (e.g. shuffle contexts)
Shannon’s entropy definition applicable (normalized)