Privacy Management for Portable Recording Devices
J. Alex Halderman, Brent Waters, Edward W. Felten
Princeton University, Department of Computer Science
J. A. Halderman 1 of 10
Camera Phones
• 170 million in 2004
• Camera + phone, × 170 million = ubiquitous recording
• New privacy threats
New Privacy Threats
• A breakdown of social norms
• Augment them, don't replace them
Previous Approaches
• Law/Policy: usage restrictions, local bans
• Technology: signal from beacon disables recording features
• Coarse-grained restrictions: based on location, not full context; decide before recording, not playback
Our Approach
• Privacy protection built into trusted recording devices
• Recording subjects control use; negotiate using their devices (assume discovery method)
• Encrypt recording before storing; key share retained by privacy stakeholders
• Must ask permission to decrypt
• Defers privacy decision to last possible moment
Our Privacy Requirements
1. Unanimous Consent
2. Confidentiality of Vetoes
(Diagram: stakeholders, one of them labelled Colluder)
Our Applications
Laptops/WiFi
• Protects audio recordings
• Manual discovery
AOL Instant Messenger
• Protects chat logs
• Discovery handled by AIM
Secure XOR
• Alice and Bob tell Carol kAlice ⊕ kBob without revealing other information about kAlice or kBob to anyone
• Variation on Chaum's "Dining Cryptographers"
(Diagram: Alice holds secret kAlice, Bob holds secret kBob, Carol receives the output)
Secure XOR
1. A & B choose and exchange random blinding factors BAlice and BBob
2. A & B each XOR both blinding factors with their secret input and send the result to Carol: Alice sends kAlice ⊕ BBob ⊕ BAlice, Bob sends BBob ⊕ BAlice ⊕ kBob
3. Carol XORs these messages to learn kAlice ⊕ kBob:
   (kAlice ⊕ BBob ⊕ BAlice) ⊕ (BBob ⊕ BAlice ⊕ kBob) = kAlice ⊕ kBob
• Carol does not learn kAlice or kBob
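The three steps above, as an added example in Python (not code from the talk or its authors): Alice and Bob blind their inputs with two exchanged random factors, Carol XORs the two blinded messages, and the blinding cancels. The `simulate_carol_view` function shows why Carol learns nothing beyond kAlice ⊕ kBob: her transcript can be reproduced from the output alone. Function names, the byte-string encoding and the `from_bits` helper for the slides' 7-bit values are this example's own choices.

```python
import secrets

# Added example, not code from the talk: the three-party Secure XOR
# described on the slides. Alice holds k_alice, Bob holds k_bob, and Carol
# should learn only k_alice XOR k_bob. Values are equal-length byte strings.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def blinded_message(secret: bytes, b_own: bytes, b_other: bytes) -> bytes:
    """Step 2: mask the secret input with BOTH blinding factors."""
    return xor_bytes(xor_bytes(secret, b_own), b_other)


def carol_combine(m_alice: bytes, m_bob: bytes) -> bytes:
    """Step 3: Carol XORs the two blinded messages; the blinding cancels."""
    return xor_bytes(m_alice, m_bob)


def secure_xor(k_alice: bytes, k_bob: bytes, rng=secrets.token_bytes) -> dict:
    """Run the protocol; return Carol's output and the messages she saw."""
    n = len(k_alice)
    # Step 1: Alice and Bob each pick a random blinding factor and exchange
    # them over their own channel. Carol never sees b_alice or b_bob.
    b_alice = rng(n)
    b_bob = rng(n)
    # Step 2: each sends Carol (secret XOR b_alice XOR b_bob).
    m_alice = blinded_message(k_alice, b_alice, b_bob)
    m_bob = blinded_message(k_bob, b_bob, b_alice)
    # Step 3: Carol recovers k_alice XOR k_bob.
    return {"result": carol_combine(m_alice, m_bob),
            "carol_view": (m_alice, m_bob)}


def simulate_carol_view(result: bytes, rng=secrets.token_bytes) -> tuple:
    """What Carol's transcript looks like given ONLY the output.

    m_alice is uniformly random (because b_alice is), and m_bob is forced to
    equal m_alice XOR result, so a real transcript and this simulated one
    have the same distribution: Carol's view carries no information beyond
    the XOR. (Assumes b_alice and b_bob are independent and uniform.)
    """
    m_alice = rng(len(result))
    return (m_alice, xor_bytes(m_alice, result))


def from_bits(bits: str) -> bytes:
    """Helper so the slides' 7-bit example values can be fed in as strings."""
    return int(bits, 2).to_bytes(1, "big")


if __name__ == "__main__":
    run = secure_xor(from_bits("0110100"), from_bits("1011101"))
    print("Carol learns:", format(run["result"][0], "07b"))  # 1101001
```

The security of the scheme rests on the two blinding factors being fresh, independent and exchanged over a channel Carol cannot read; if Carol could see either one, or if Alice and Bob reused a factor, `m_alice` would no longer hide `k_alice`.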
Private Storage Protocol: "Create" Operation
• Identify stakeholders (need a trusted recording device for now)
• Stakeholders choose random keyshares: k1 = 0110100, k2 = 1011101
• Securely tell recorder k1 ⊕ k2 using Secure XOR: k1 ⊕ k2 = 1101001
• Encrypt using k1 ⊕ k2 as key: key = 1101001
• Recorder discards plaintext and key; stakeholders hold on to shares
Private Storage Protocol: "Decrypt" Operation
• Stored recording: id=2100624, owners=Alice,Bob
• Alice's device holds: id=2100624, owners=Alice,Bob, kAlice=0110100
• Bob's device holds: id=2100624, owners=Bob,Alice, kBob=1011101
• Requestor sends request: "May we decrypt <2100624>?"
• Stakeholders apply policies
• To grant, input keyshare into Secure XOR: key=1101001
• To deny, give random input to XOR, e.g. 1110001 in place of kBob: key=1000101 (wrong key)
• Vetoes remain confidential; cryptography provides strong protection
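The "Create" and "Decrypt" operations of the two slides above, as one added example in Python (not the authors' code): stakeholders pick random keyshares, the recorder encrypts under their XOR and forgets both plaintext and key, and at decrypt time each stakeholder either contributes the real share or a random string of the same length. The Secure XOR sub-protocol is abstracted as a plain XOR of the inputs; the stream cipher (SHA-256 in counter mode), the HMAC tag used to detect a wrong key, the 16-byte share length and the sample recording are this example's own assumptions, and the record id 2100624 is the one on the slides.

```python
import hashlib
import hmac
import secrets

# Added example, not the talk's code: "Create" and "Decrypt" of the Private
# Storage Protocol with a grant/veto step. The Secure XOR sub-protocol is
# modelled as a plain XOR of the stakeholders' inputs; the cipher and the
# HMAC tag are this example's own choices, not something the slides specify.

SHARE_LEN = 16  # bytes; the slides use 7-bit shares purely for illustration


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combine(inputs) -> bytes:
    """XOR of all stakeholder inputs (what Secure XOR would deliver)."""
    acc = None
    for x in inputs:
        acc = x if acc is None else xor_bytes(acc, x)
    return acc


def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256(key || counter) blocks (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def create(recording: bytes, stakeholders, rid: str):
    """'Create': stakeholders pick shares, recorder encrypts under their XOR."""
    # Each stakeholder chooses a random keyshare and keeps it on their device.
    shares = {name: secrets.token_bytes(SHARE_LEN) for name in stakeholders}
    # The recorder learns only k1 XOR k2 XOR ... (via Secure XOR).
    key = combine(shares.values())
    ciphertext = xor_bytes(recording, keystream(key, len(recording)))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    stored = {"id": rid, "owners": list(stakeholders),
              "ciphertext": ciphertext, "tag": tag}
    # Recorder discards plaintext and key: only `stored` is kept, and the
    # shares go back to their owners.
    return stored, shares


def stakeholder_response(share: bytes, grant: bool) -> bytes:
    """Policy outcome: the real share to grant, a random input to deny.

    Both are random-looking strings of the same length, so neither the
    requestor nor the other stakeholders can tell who vetoed.
    """
    return share if grant else secrets.token_bytes(len(share))


def decrypt(stored: dict, responses):
    """'Decrypt': XOR the responses and try the result as the key."""
    key = combine(responses)
    expected = hmac.new(key, stored["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, stored["tag"]):
        return None  # wrong key: at least one veto, but not whose
    return xor_bytes(stored["ciphertext"],
                     keystream(key, len(stored["ciphertext"])))


if __name__ == "__main__":
    # Constructed sample input; a real recording would be audio or a chat log.
    stored, shares = create(b"constructed sample audio", ["Alice", "Bob"], "2100624")
    granted = decrypt(stored, [stakeholder_response(shares["Alice"], True),
                               stakeholder_response(shares["Bob"], True)])
    vetoed = decrypt(stored, [stakeholder_response(shares["Alice"], True),
                              stakeholder_response(shares["Bob"], False)])
    print(granted, vetoed)
```

The tag only tells the player that the assembled key is wrong, which is the same information the slides' wrong-key example conveys; it does not reveal which stakeholder supplied the random input, so veto confidentiality is preserved. Unanimous consent follows from the XOR: a single random input randomizes the whole key, however many other stakeholders granted.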
Private Storage Protocol
(Architecture diagram, labels only: Location Service; Storage holding the Encrypted Recording; Recorder A and Recorder B, each with Data In and an Agent (Agent A, Agent B); Persistent Agent A and Persistent Agent B, each holding a Keyshare and a Policy; Player with Data Out; "Create" and "Decrypt" flows.)
Privacy in Practice
• A problem of compliance
• Community of like-minded people: social pressures, local policies, etc.
• Privacy law can provide further incentives
• Convince manufacturers to build it in: regulatory pressure, customer demand
Conclusions
• Ubiquitous recording brings privacy threats
• Technology can give control back to recording subjects
• Widespread compliance among like-minded groups