
Towards Accountable Management of Privacy and Identity Information

This presentation outlines a model for managing privacy and identity information, discussing enforcement tools, policy compliance, and accountability in enterprise interactions. It covers user-centric privacy policies, encryption mechanisms, and realisation issues in enforcing data protection. The concept of sticky privacy policies and enterprise accountability are explored within a multiparty transaction scenario.


Presentation Transcript


  1. Towards Accountable Management of Privacy and Identity Information
  Marco Casassa Mont, Siani Pearson, Pete Bramhall
  Trusted Systems Laboratory, Hewlett-Packard Labs, Bristol, UK
  ESORICS 2003, 13-15 October 2003, Gjøvik, Norway

  2. Presentation Outline
  • Problem Outline
  • Related Work
  • Privacy Management Model
  • Realisation
  • Discussion
  • Conclusions
  Trusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

  3. Privacy and Identity Information (diagram)
  Labels: Person, Profiles, Personal (the data subject and their data); E-Commerce, Government, Business (the parties that handle it).

  4. Scenario: Multiparty Interactions (diagram)
  A multiparty transaction/interaction between a User and several Services (Finance, Government Services, ...):
  • User side: User Specification, Negotiation of Privacy Policy, Provision of Identity & Profile Data, Identity/Profile Disclosure
  • Enterprise side: Policies, Data, Enterprise Enforcement, Enterprise Accountability

  5. Related Work (diagram)
  • EPAL: enterprise enforcement tools
  • P3P: point to point, predefined policies; enforcement?
  • Identity services, e.g. MS Passport
  • Privacy Seal ("club")
  • Legal: proof, evidence, prosecution?
  • Personal data: who controls? EU vs US; user understanding

  6. Presentation Outline (section divider; repeats the outline of slide 2)

  7. Privacy Management Model (diagram)
  • User ↔ Enterprise (DB, Policy P, Transaction), with User Involvement and Enforcement
  • Tracing and Audit Authority: Evidence, Policy Compliance, Transparency. Accountable?

  8. Multi-Party Scenario (diagram): Multiparty Transaction / Interaction between the User, several Enterprises and Tracing and Auditing Authorities (TAAs). Step numbers as labelled on the diagram:
  1. Negotiation of Privacy Policy (User ↔ Enterprise)
  2. Obfuscated Data + Sticky Privacy Policies (User → Enterprise)
  3. Obfuscated Data + Sticky Privacy Policies (passed on to a further Enterprise)
  4. Request for Disclosure of Data + Sticky Privacy Policies + Credentials (Enterprise → TAA)
  5. Decryption Key (if Authorised) (TAA → Enterprise)
  6. Services (Enterprise → User)
  7. Request for Authorization or Notification (user involvement)
  8. Checking for Integrity and Trustworthiness of Remote Environment

  9. Privacy Model -- Summary
  • User centric
    • Specifies policies
    • Binds them with their profile
  • TAA – aids user
    • Manages and records release of data
    • Transparency aids accountability
    • Validates and records enforcement mechanism
  • Enterprise
    • Makes audited promises concerning personal data
    • Allows validation and assessment of enforcement mechanism
    • Can still abuse privacy

  10. Presentation Outline (section divider; repeats the outline of slide 2)

  11. Realisation Issues (diagram: the model of slide 7, annotated)
  • Strong binding of policy and data → IBE (Identifier-based Encryption)
  • Enforcement verifiability → TCG (Trusted Platforms), Tagged OS

  12. What is Identifier-based Encryption (IBE)? (diagram)
  • TAA (enforces the policy): holds secrets s; computes and publishes the public details; generates decryption keys; audits
  • User: chooses e (the privacy policy), encrypts the message (profile) under e using the public details, and sends the encrypted message to the enterprise
  • Enterprise: must satisfy the policy to get the decryption key for e from the TAA; then decrypts the message

  13. Trusted Platforms -- TCG (diagram)
  • Server: Root of Trust → BIOS → OS → Apps; measures boot, OS and application loading
  • User / ID Issuer: query status

  14. Tagged Operating Systems (diagram)
  • Data is tagged; the tag follows the data through memory
  • A tagged kernel function acts as the PEP (policy enforcement point): PolicyTagOperation(Destination)
  • Policy: internal destination → allow; external destination → encrypt with policy

  15. Control Flow (diagram)
  • Enterprise server (BIOS, Tagged OS, Apps) requests the IBE decryption key from the TAA, supplying Context, Id and Purpose; the IBE encryption key is the policy P
  • TAA: check policy, check machine status, record request; returns keys
  • User: ID; dataflow policies

  16. Sticky Privacy Policies
  Example of a high-level sticky policy (XML format), with these elements:
  • Reference to TA(s)
  • Constraints / Obligations
  • Platform/OS Constraint
  • Actions (User Involvement)
  IBE encryption keys can define any kind of privacy constraints or terms and conditions to be deployed and enforced at different levels of abstraction (application/service, OS, platform).

  17. High-level System Architecture
  • Based on the IBE Model
  • Privacy Policies are represented as "IBE Encryption Keys"
  • Confidential data is encrypted with IBE encryption keys
  • IBE encryption keys "stick" with the encrypted data (at least till the first de-obfuscation of the data ...)
  • The "Tracing and Auditing Authority" is an (IBE-based) Trust Authority
  • Leveraging Trusted Platforms and Tagged OS for enforcing aspects of Privacy Policies (Work in Progress ...)
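The flow of slides 12, 15, 16 and 17 (policy as IBE encryption key, TAA gating and recording key release, sticky policy in XML) as an added example in Python; it is not code from the paper or from HP Labs. The deck does not name an IBE scheme, so Cocks' quadratic-residuosity IBE stands in because it needs only the standard library (it encrypts bit by bit and is far less efficient than pairing-based IBE). The two primes, the XML policy, the TAA's checks and the sample data are constructed assumptions.

```python
"""Added example, not the paper's code: sticky-policy flow of slides 12 and 15-17.
Cocks' quadratic-residuosity IBE stands in for the deck's unspecified IBE scheme
(standard library only); primes are toy-sized and policy checks are stand-ins."""
import hashlib
import math
import secrets
import xml.etree.ElementTree as ET

# TAA master secret: two primes congruent to 3 mod 4 (toy size; a real TA needs
# ~1024-bit primes). N is the public parameter the TAA publishes.
P, Q = 1000000007, 2147483647
N = P * Q

# Constructed sticky policy with the slide-16 elements: TA reference, constraint
# (purpose), platform/OS constraint, action (user involvement).
POLICY = ("<policy><ta>taa.example</ta><purpose>billing</purpose>"
          "<platform>tcg-attested</platform><notify>user</notify></policy>")

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0: 1, -1, or 0 when gcd(a, n) > 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def policy_to_identity(policy_xml):
    """Hash the exact policy bytes to a public a with (a/N) = 1. Only N is needed,
    so the user encrypts without asking the TAA: the policy text is the key."""
    a = int.from_bytes(hashlib.sha256(policy_xml.encode()).digest(), "big") % N
    while jacobi(a, N) != 1:
        a = (a + 1) % N
    return a

def encrypt(policy_xml, plaintext):
    """Cocks encryption: two residues per bit, one for r^2 = a and one for
    r^2 = -a, since the encryptor cannot know which root the TAA will derive."""
    a = policy_to_identity(policy_xml)
    ciphertext = []
    for byte in plaintext:
        for i in range(7, -1, -1):
            target = -1 if (byte >> i) & 1 else 1          # bit 1 -> (t/N) = -1
            pair = []
            for sign in (1, -1):
                while True:
                    t = secrets.randbelow(N - 2) + 2
                    if math.gcd(t, N) == 1 and jacobi(t, N) == target:
                        break
                pair.append((t + sign * a * pow(t, -1, N)) % N)
            ciphertext.append(tuple(pair))
    return ciphertext

def decrypt(policy_xml, key_r, ciphertext):
    """Each bit is the Jacobi symbol of c + 2r; a key for another policy gives noise."""
    a = policy_to_identity(policy_xml)
    idx = 0 if (key_r * key_r) % N == a else 1              # which half r opens
    bits = [jacobi((c[idx] + 2 * key_r) % N, N) == -1 for c in ciphertext]
    return bytes(sum(bit << (7 - j) for j, bit in enumerate(bits[i:i + 8]))
                 for i in range(0, len(bits), 8))

class TracingAuditAuthority:
    """Holds (P, Q); releases a decryption key only when the requester's claims
    satisfy the sticky policy, and records every request for the user to review."""

    def __init__(self):
        self.audit_log = []

    def request_key(self, policy_xml, requester, purpose, platform_attested):
        policy = ET.fromstring(policy_xml)
        reasons = []
        if policy.findtext("purpose") != purpose:
            reasons.append("purpose mismatch")
        if policy.findtext("platform") == "tcg-attested" and not platform_attested:
            reasons.append("platform not attested")
        self.audit_log.append({"requester": requester, "purpose": purpose,
                               "granted": not reasons, "reasons": reasons})
        if reasons:
            return None
        a = policy_to_identity(policy_xml)
        return pow(a, (N + 5 - P - Q) // 8, N)        # r with r^2 = +/-a mod N

def demo():
    """Constructed run: one request refused and logged, one granted and decrypted."""
    field = b"4111 1111 1111 1111"                  # constructed sample PII
    ct = encrypt(POLICY, field)                     # user obfuscates before release
    taa = TracingAuditAuthority()
    denied = taa.request_key(POLICY, "enterprise-1", "marketing", True)
    key = taa.request_key(POLICY, "enterprise-2", "billing", True)
    recovered = decrypt(POLICY, key, ct) if key is not None else None
    return denied is None, recovered == field, taa.audit_log
```

Three properties of the slides are visible in the code. The enterprise never holds the master secret (P, Q); it only ever receives a per-policy key r, and only after the TAA has checked the claimed purpose and platform state. Every request, refused or granted, lands in the audit log that the TAA can show the user, which is the transparency of slide 9. And the key is bound to the exact policy bytes: editing the policy changes the hashed identity, so a key issued for the edited policy does not decrypt data that was encrypted under the original. The platform check is a plain boolean here; the deck's TCG attestation and tagged-OS enforcement are not modelled.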

  18. Presentation Outline (section divider; repeats the outline of slide 2)

  19. Discussion (diagram)
  • Personal Data + Sticky Privacy Policies flow from the user to Enterprise 1 and on to Enterprise 2; each enterprise runs a Policy Engine on a TCG trusted platform with a Tagged OS
  • Enforcement via Trust Authority: the Tracing, Audit Authority (TAA), with Trusted Audit and its own Policy Engine
  • Enforcement by Trusted Platforms and Tagged OS (Work in Progress)

  20. Conclusion
  • Presented a model for accountable management of private identity data
  • User gains more control
    • Aided by (their) third party
    • Audit of legitimate requests, shared with the user
    • Checks on enforcement mechanisms, linked to the TAA
  • Enterprise is accountable for use and enforcement
  • Links to policy-based enforcement
