Privacy Incorporated Software Agents
Jan Huizenga - TNO - PISA co-ordinator
jan.huizenga@tno.nl; +31 6 204 315 47
Overview
• Main Topics PISA
• Mobile Intelligent Agents
• Agents and Privacy
• Contribution
Main topics PISA
• Human-Computer Interface
• Agent System
• Network Privacy
• Security & Privacy
Mobile Intelligent Agents
[Chart: max data rate (Mbps, 0,01 to 1000) against product date (1996 to 2010), showing the convergence of the communication space (PAN/LAN/WAN: GSM, GPRS, 3G, Bluetooth, HomeRF, 802.11, HIPERLAN) and the application space (voice, text messaging, audio streaming, still imaging, high speed internet, video streaming, video data rate, mobile agents, infotainment, virtual homes, AMBIENT intelligence). Personal Area: PAN; Local Area: LAN; Wide Area: WAN.]
Around PISA: a complex world where ... privacy must transcend heterogeneity and mobility
[Diagram: a mobile device (ME) reaching an application server through a cellular network (e.g. UMTS: NodeB, RNC, RAN, SGSN, GGSN, core network), a wireless gateway, a local PDN and an ASP, with intermediation, PKI and security management (Sec. M.) alongside.]
THE AGENT AND PERSONAL DATA FLOW
[Diagram: Mr. Jones's personal agent (MIKE's agent) contacts an agent provider and network agents (Agent 1, Agent 2 ... Agent N), which draw on external sources and databases holding personal data about Mr. Jones.]
A personal agent can perform tasks for its user => a personal agent needs personal information.
Agents & Privacy
• 1997: NDPA, DPA Canada, TNO: report "Agents, Privacy & PET"
• 1999: How do we demonstrate agents & privacy?
• 2000: Project/consortium proposal: PISA
• 2001-2003: identifying the privacy requirements and threats; designing PET for agents; building a sample application; evaluating the sample application
PRIVACY THREAT ANALYSIS
[Diagram: violations of privacy regulations, the system purpose, the technology (mobile code) and its use feed an integrated list of threats, from which the solution follows.]
PET = Privacy Enhancing Technologies
THE IDENTITY PROTECTOR
[Diagram: in the identity domain the user is known; the identity protector separates that domain from the pseudo-identity domains PID 1, PID 2 and PID 3.]
The Privacy Agent Design
To show that privacy of the user is protected in all kinds of processes by incorporated PET features.
[Diagram: the identity protector separating personal data from non-personal data.]
How to achieve privacy protection in Agents?
Deployment of PETs: the classic tools (anonymity, pseudonymity, unobservability and unlinkability) are not enough to achieve optimal privacy protection. Therefore PISA needs a design for:
• Personal data: Personal Identifiable Information (PII) and non-PII
• Legal rules (privacy principles)
• Agent Practices Statement (APS)
• Privacy preferences
• Privacy protection
Three Levels of Personal Data
• Level 1: Contact information.
• Level 2: All other items of personal data except level 3.
• Level 3: Special categories of personal data.
Privacy Principles
• Purpose specification
• Finality
• Legitimate processing
• Data quality
• Transparency
• Data subject's rights
• Storage duration
• Right to object
• Security
Privacy Ontology
[Class diagram with the classes DataProtectionAuthority, PII, PIILevel1, PIILevel2, PIILevel3, PIIGroup, PET, APS, PrivacyPreference, PrivacyPolicy, PrivacyPrinciple, LegalProcessing, Transfer, Finality, Transparency and DataSubjectRights; associations carry the multiplicities 1, 1..n and 0..n.]
PISA Model
[Diagram: PISA agents mediate between the user (personal data, user preferences), services and other agents, the controller, a trusted third party and an auditor, with PET and APS at the centre.]
Privacy protection by:
1. Anonymity & pseudo-identities (PET)
2. Trust/secure "mobile code" (encryption)
3. Act according to the Directive (APS)
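The identity protector, the three PII levels, the APS/privacy-preference match and the PISA model above can be put together in one small decision routine. This is an added illustration, not PISA project code; the HMAC-based pseudonym, the data classes and the sample controllers are assumptions chosen to make the slides' concepts concrete.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# PISA's three levels of personal data (slide "Three Levels of Personal Data").
CONTACT, OTHER, SPECIAL = 1, 2, 3

class IdentityProtector:
    """Issues an unlinkable pseudo-identity per identity domain.
    The user is known only inside the protector; every controller's domain
    sees a different pseudonym. Assumption: a keyed hash (HMAC) over the
    domain name stands in for the PET the slides leave unspecified."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def pseudo_identity(self, user_id: str, domain: str) -> str:
        msg = f"{domain}|{user_id}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:16]

@dataclass
class AgentPracticesStatement:
    """What a controller's agent states it will process and why (APS)."""
    controller: str
    purpose: str
    requested: dict          # item name -> PII level

@dataclass
class PrivacyPreference:
    """Highest PII level the user releases per purpose; absent purpose = none."""
    max_level: dict = field(default_factory=dict)

def negotiate(aps, pref, protector, user_id):
    """Purpose-bound release: only items at or below the level the user allows
    for this purpose leave the personal agent, under a domain pseudonym."""
    ceiling = pref.max_level.get(aps.purpose, 0)
    allowed = sorted(i for i, lvl in aps.requested.items() if lvl <= ceiling)
    refused = sorted(i for i, lvl in aps.requested.items() if lvl > ceiling)
    return {"pseudo_id": protector.pseudo_identity(user_id, aps.controller),
            "allowed": allowed, "refused": refused}

# Constructed sample: one task agent talking to two hypothetical controllers.
PROTECTOR = IdentityProtector(b"constructed-secret-do-not-reuse")
PREF = PrivacyPreference({"job_matching": OTHER, "newsletter": CONTACT})
APS_JOBS = AgentPracticesStatement("jobs.example", "job_matching",
    {"email": CONTACT, "cv": OTHER, "health_record": SPECIAL})
APS_NEWS = AgentPracticesStatement("news.example", "newsletter",
    {"email": CONTACT, "cv": OTHER})

if __name__ == "__main__":
    print(negotiate(APS_JOBS, PREF, PROTECTOR, "mr.jones"))
    print(negotiate(APS_NEWS, PREF, PROTECTOR, "mr.jones"))
```

The two calls show the level-3 health record being refused for job matching, the CV being refused for a newsletter, and the same user appearing under two unrelated pseudonyms.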
General PISA Architecture
[Diagram: a Certification Authority (PKI) and a Data Subject outside the PISA Platform; inside it a Registration Authority, Service Agent, Agent Controller, Personal Agent, Task Agent, Log Agent, Agent Processor, Advisor Agent, Monitor Agent and Agent Auditor, plus interaction with external web services. Auditing: 1 agent per platform; 1 agent per user; multiple agents.]
HCI and PRIVACY PROTECTION
• From privacy legislation to interface design
• Building trust & reducing risk
• HCI requirements for legislative compliance and usable design
• Just-in-time click-through agreements: informed, unambiguous consent
Usability Results
• + The prototype worked fairly well (72%) and was easy to navigate (76%), but it had poor visual appeal (42%)
• + Users understood the concept of a personal assistant who could provide services (92%)
• + Users understood (>90%) the major functions (create, modify, track, results)
Network & Privacy
• Agent Onion Routing Network
• Digital Rights Management for Privacy
• Reputation System
• Scalability
Security & Privacy in PISA Agents
Practical solutions to provide privacy in agent technology:
• Agent digital signature
• Pseudo-anonymous task agents
• Confidential communication: E-E-D encryption
• Agent PKI
Insight in challenges for agent technology / mobile code.
Theoretical results (IEEE Symposium on Information Theory): definition of perfect secrecy; theoretical boundaries.
PhD thesis TUD: "Private Computing and Mobile Code Systems", K. Cartrysse, 2005, ISBN 10: 90 90199-53-5
Results
STIMULUS AND RATIONALE FOR NEW PRIVACY RELATED RESEARCH AND EXPLOITATION
• Security & privacy research is recognized as important in the Dutch scientific community;
• But also in politics: the Ministry of Economic Affairs subsidizes technical projects in privacy;
• Industry / business becomes aware of the importance of protecting privacy.
Continuation
Continuation of the PISA work:
• RAPID: Roadmap Privacy & Identity Management
• FP6 PRIME: Privacy and Identity Management; ontology & HCI
• LOBSTER: intrusion detection, Geant2; anonymous data
• PAW (Privacy in an Ambient World): Catholic University of Nijmegen, University of Twente, Delft University of Technology, TNO
• BASIS (Biometrics and Privacy): University of Twente, Technical University Eindhoven, CWI, Philips
• Privacy and RFID tags: TNO study for the Dutch government, RFID certification; TUD thesis: anonymous RFID e-ticketing system