Privacy Management for Portable Recording Devices
J. Alex Halderman, Brent Waters, Edward W. Felten
Princeton University, Department of Computer Science
J. A. Halderman 1 of 10

Camera Phones
Camera phones × 170 million (170 million in 2004) = Ubiquitous Recording = New Privacy Threats

New Privacy Threats
A Breakdown of Social Norms

Previous Approaches: Coarse-Grained Restrictions
Law/Policy: Usage Restrictions, Local Bans
Technology: Signal from beacon disables recording features
• Based on location, not full context
• Decide before recording, not playback
• Augment them, don’t replace them

Our Approach
• Privacy protection built into trusted recording devices
• Recording subjects control use
• Negotiate using their devices (assume discovery method)
• Encrypt recording before storing
• Must ask permission to decrypt
• Key share retained by privacy stakeholders
• Defers privacy decision to last possible moment

Our Privacy Requirements
1. Unanimous Consent
2. Confidentiality of Vetoes
(Diagram label: Colluder)

Our Applications
Laptops/WiFi
• Protects audio recordings
• Manual discovery
AOL Instant Messenger
• Protects chat logs
• Discovery handled by AIM

Secure XOR
Alice holds secret kAlice; Bob holds secret kBob.
Alice and Bob tell Carol kAlice XOR kBob without revealing other information about kAlice or kBob to anyone.
Variation on Chaum’s “Dining Cryptographers”
1. A & B choose and exchange random blinding factors (BAlice, BBob).
2. A & B each XOR both blinding factors with their secret input and send the result to Carol:
   Alice sends kAlice XOR BBob XOR BAlice
   Bob sends BBob XOR BAlice XOR kBob
3. Carol XORs these messages to learn kAlice XOR kBob:
   (kAlice XOR BBob XOR BAlice) XOR (BBob XOR BAlice XOR kBob) = kAlice XOR kBob
4. Carol does not learn kAlice or kBob.

Private Storage Protocol: “Create” Operation
• Need a trusted recording device for now
• Identify stakeholders
1. Choose random keyshares (k1=0110100, k2=1011101).
2. Securely tell recorder k1 XOR k2 (via Secure XOR): k1 XOR k2=1101001.
3. Encrypt using k1 XOR k2 as key (key=1101001).
4. Recorder discards plaintext, key.
5. Stakeholders hold on to shares.

Private Storage Protocol: “Decrypt” Operation
1. Requestor sends request: “May we decrypt <2100624>?”
2. Stakeholders apply policies.
3. To grant, input keyshare into XOR.
4. To deny, give random input to XOR.
• Vetoes remain confidential
• Cryptography provides strong protection
Records shown:
   id=2100624 owners=Alice,Bob
   id=2100624 owners=Alice,Bob kAlice=0110100
   id=2100624 owners=Bob,Alice kBob=1011101
Diagram values (two Secure XOR instances): 1110001; key=1101001 ?; key=1000101 ?

Private Storage Protocol (architecture diagram)
Labels: Location Service; Data In, Data In; Recorder A, Recorder B; “Create”; Agent A, Agent B; Encrypted Recording; Keyshare, Keyshare; Policy, Policy; Persistent Agent A, Persistent Agent B; “Decrypt”; Storage; Player; Data Out
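
The Secure XOR, “Create” and “Decrypt” steps above, as an added example that is not code from the slides or from the authors. It assumes two stakeholders, 128-bit shares, and a SHAKE-256 keystream as a stand-in cipher; all function names are hypothetical.

```python
import hashlib
import secrets

BITS = 128  # assumed share length; the slides use 7-bit values for readability

def secure_xor(in_a: int, in_b: int) -> tuple:
    """Return (value Carol computes, the two messages Carol sees)."""
    # A and B choose and exchange random blinding factors.
    blind_a, blind_b = secrets.randbits(BITS), secrets.randbits(BITS)
    # Each XORs both blinding factors with its own input and sends the result.
    msg_a = in_a ^ blind_a ^ blind_b
    msg_b = in_b ^ blind_a ^ blind_b
    # Carol XORs the messages: the blinding cancels, leaving in_a XOR in_b.
    return msg_a ^ msg_b, (msg_a, msg_b)

def stream_xor(key: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR the data with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key.to_bytes(BITS // 8, "big")).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

def create(plaintext: bytes) -> tuple:
    """Create: stakeholders pick random shares, recorder encrypts under their XOR."""
    k1, k2 = secrets.randbits(BITS), secrets.randbits(BITS)
    key, _ = secure_xor(k1, k2)
    ciphertext = stream_xor(key, plaintext)
    # The recorder keeps only the ciphertext; each stakeholder keeps its share.
    return ciphertext, k1, k2

def decrypt(ciphertext: bytes, k1: int, grant1: bool, k2: int, grant2: bool) -> bytes:
    """Decrypt: to grant, input the keyshare; to deny, input a random value."""
    in1 = k1 if grant1 else secrets.randbits(BITS)
    in2 = k2 if grant2 else secrets.randbits(BITS)
    key, _ = secure_xor(in1, in2)
    return stream_xor(key, ciphertext)

if __name__ == "__main__":
    recording = b"constructed sample recording"  # constructed input
    ct, k1, k2 = create(recording)
    print(decrypt(ct, k1, True, k2, True) == recording)   # both stakeholders grant
    print(decrypt(ct, k1, True, k2, False) == recording)  # one stakeholder vetoes
```

A veto yields a wrong key, so the requestor sees only that decryption failed, not which stakeholder declined.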

Privacy in Practice: A Problem of Compliance
• Community of like-minded people: social pressures, local policies, etc.
• Convince manufacturers to build it in: regulatory pressure, customer demand
• Privacy law can provide further incentives

Conclusions
• Ubiquitous recording brings privacy threats
• Widespread compliance among like-minded groups
• Technology can give control back to recording subjects