Data Privacy And Security

Karthik Ravi
1PI14CS048
5th sem, CSE

Seminar Guide: Prof. Neeta M S

BE 5th sem CSE

1PI14CS048

ABSTRACT
Data today is more critical than ever
IoT, cloud computing, and data analytics
are making it easy to effectively collect
data (big data)
For Data to be used to their full power, data
security and privacy are critical
We discuss relevant concepts and
approaches for data security and privacy

BE 5th sem CSE

1PI14CS048

INTRODUCTION
Data are today more critical and relevant than ever.
Technological advances and novel applications, such as sensors,
smart mobile devices, cloud systems, data analytics, social
networks, Internet of Things (IoT), are making possible to
collect, store, and process huge amounts of data, referred to as
big data,
The combination of big data and IoT technologies - that we
refer to as pervasive big data (PBD) technologies
As our reliance on PBD technologies increases, the security and
privacy of data managed by PBD systems become crucial.

BE 5th sem CSE

1PI14CS048

Literature Survey
Database SecurityConcepts, Approaches, and Challenges

Secrecy or confidentiality refers to the protection of data

against unauthorized disclosure
Integrity refers to the prevention of unauthorized and improper
data modification, and
Availability refers to the prevention and recovery from
hardware and software errors and from malicious data access
denials making the database system unavailable.
These three requirements arise in practically all application
environments

Literature Survey
Efficient k-Anonymization Using Clustering Techniques

A recent approach addressing data privacy relies on the notion

of k-anonymity.
In this approach, data privacy is guaranteed by ensuring that
any record in the released data is indistinguishable from at least
(k 1) other records with respect to a set of attributes called the
quasi-identifier.

Literature Survey
OWASP Internet of Things Project
The OWASP Internet of Things Project is designed to help manufacturers, developers, and
consumers better understand the security issues associated with the Internet of Things, and to
enable users in any context to make better security decisions when building, deploying, or
assessing IoT technologies.
The project looks to define a structure for various IoT sub-projects such as Attack Surface
Areas, Testing Guides and Top Vulnerabilities.

BASIC DATA SECURITY

REQUIREMENTS

3 basics requirements are confidentiality, integrity, and

accessibility
Privacy is a new critical requirement
Systems managing privacy-sensitive data may have to
collect and record the privacy preferences concerning the
individuals to whom the data refer to, referred to as data
subjects.
The integrity requirement has been generalized into the
data trustworthiness requirement. Data trustworthiness
refers to making sure not only that data are not modified by
unauthorized subjects, but also that data are free from
errors, up to date, and originating from reputable sources.

CHARACTERIZATION OF BIG DATA

Volume data sizes range from terabytes to zettabytes

Variety data come in many different formats from
structured data, organized according to some structures
like the data record, to unstructured data, like images,
sounds, and videos which are much more difficult to
search and analyze.
Velocity in many novel applications, like smart cities
and smart planet, data continuously arrive at possibly
very high frequencies, resulting in continuous highspeed data streams. It is critical that the time required to
act on these data be very small .
Huge number of data sources the real value of data
sets is when these data sets are integrated and crosscorrelated.

BIG DATA CONFIDENTIALITY AND

PRIVACY
Data Confidentiality:
For access control mechanisms we need:
Merging large numbers of access control policies.
Automatically administering authorizations for big data (permissions)
Enforcing access control policies on heterogeneous multi-media
data(content based eg: security cameras)
Enforcing access control policies in big data stores (arbitrary jobs
using programming languages)

Data Privacy:
By Correlating big data sets one can extract private information
For data privacy we need to look at:
Techniques to control what is extracted
Support for both personal privacy and population privacy
Privacy implications on data quality.
Data ownership : stake holders (eg law enforcement agency accessing
user data without users knowledge legally)
Data lifecycle framework.
Data acquisition (eg recording without permission)
Data sharing (eg sharing without permission)

IoT Risks

Failed to require passwords of sufficient

complexity
Required passwords of sufficient complexity

did not encrypt local and remote

traffic
communications

A Study by HP about the most popular devices in

the most common IoT applications domain

Contained vulnerable user

interfaces and/or vulnerable firmware

Did not contain vulnerable user

interfaces and/or vulnerable firmware

IoT Risks
IoT vulnerabilities arise due to the lack of adoption of well-known security
techniques, such as encryption, authentication, access control
This is also due to the variety of hardware platforms and limited computing
resources of IoT devices
Information is typically collected from devices and then uploaded to cloud
platforms or transmitted to mobile devices
This info is very rich and contains meta-data (eg location, time) thus making
it easy to infer personal habits, and behaviour of individuals using these
devices
Such information needs to carefully protected
Users should be provided with suitable, easy to use tools for protecting their
privacy and support anonymity

IOT DATA SECURITY INITIAL

EFFORTS

Solutions must ensure protection while data are transmitted and

processed at the devices.
Some data security solutions are

Cryptographic Protocols.

Application Security.

Network Security.

IOT DATA SECURITY INITIAL

EFFORTS
Cryptographic Protocols
Strong security can be achieved only if cryptographic
protocols are implemented and deployed correctly.
Some interesting projects:
Techniques and protocols for efficient authentication
operations for networked vehicles (Simulating real-time
response time is crucial)
Project focuses on encryption protocols for networks
consisting of small sensors and drones. In such
networks, sensors are on the ground and acquire data of
interest from the environment and drones fly over the
sensors to collect and aggregate data from sensors, the
issue here is to save energy and make sure drones dont
wait too long for sensors to generate encryptions keys
(LPL ie Low Power Listening techniques are used)

IOT DATA SECURITY INITIAL

EFFORTS
Application Security
Even though there are many techniques for program
hardening and analysis, they need to ported to IoT device
firmware's
Some examples
Protect programs against code injection attacks, by
inserting a static check statement before any
instruction that modifies the program counter.
(downside is identifying for each platform the critical
instructions)
Protecting against memory vulnerabilities for apps
written in C for TinyOS platform, this approach
statically analyzies an application to identify memory
vulnerabilities

IOT DATA SECURITY INITIAL

EFFORTS
Network Security

Security techniques at network level are critical in order to

minimize data losses.
To achieve minimal data loss it is critical to quickly
diagnose the cause of packet loss and fix the network
Project which has addressed this requirement by
developing a fine-grained analysis (FGA) tool that
investigates packet losses and reports their most likely
cause.
However this is just an initial approach, research needs
to be done to extend this to mobile systems and other
communication systems which may need different
profiling parameters

IOT DATA SECURITY RESEARCH

DIRECTIONS
Data confidentiality requires access control to govern access
to the data by taking into account information on data
provenance and metadata
This is done in two ways i.Temporal ii.Location based
access control protocols
Data trustworthiness is another challenge in IoT sector
because of
Bad device calibration
Device errors
Deliberate data deception attacks
Data privacy is yet another challenge in IoT sector
We need to prevent devices from sharing information
such as location and other private information

Conclusion
In this paper we has discussed research directions in big data
confidentiality and privacy, and IoT data security

Other relevant research areas are:

data security and privacy on the cloud

data privacy in social networks (network collaborative

approaches for access control eg pictures in facebook)

Two other additional research directions

Data protection from insider threats (user behaviour

monitoring)

Privacy-aware software engineering (applications scrub

memory to remove sensitive data)

Research drawing from different areas, including computer

science and engineering, information systems, statistics, risk
models, economics, social sciences, psychology will help address
the challenges of big data security and privacy

References
[1] E. Bertino, R. Sandhu, Database Security Concepts, Approaches, and
Challenges, IEEE Trans. Dependable Sec. Comput. 2(1):2-19 (2005)
[2] J.-W. Byun, A. Kamra, E. Bertino, N. Li, Efficiently k- Anonymization Using
Clustering Techniques, Proceedings of the 12th International Conference on Database
Systems for Advanced Applications (DASFAA 2007), Bangkok, Thailand, April 9-12,
2007. LNCS, Springer.
[3] https://www.owasp.org/index.php/OWASP_Internet_of_Things_Proj ect