INF529: Security and Privacy in Informatics (csclass.info/usc/inf529/s20-inf529-lec13.pdf)
INF529: Security and Privacy
In Informatics
Technology and Privacy
Prof. Clifford Neuman
Lecture 13, 17 April 2020, Online via Webex
Course Outline
• What data is out there and how is it used
• Technical means of protection
• Identification, Authentication, Audit
• The right of or expectation of privacy
• Social Networks and the social contract – February 21st
• Criminal law, National Security, and Privacy – March 6th
• Big data – Privacy Considerations – March 13th
• International law, Jurisdiction, Privacy Regulations
• Privacy Regulation (civil) and also Healthcare – April 3rd
• The Internet of Things – April 10th
• Technology – April 17th
• Other Topics – April 24th
• The future – What can we do – May 1st
April 24th Presentations
Elections and Politics
• Jon Melloy - Elections
• Carlin Cherry - Security of Political data and its
monetization
• Ashwin Nirantar - Security and Privacy in Election
Campaigns
May 1st Presentations
Biometrics and related technologies
• Vaidhyanathan S - Privacy Concerns for Biometrics
• Yi-Ting Lin - Privacy of Facial Recognition
• Haotian Mai - Access and use of DNA database by
government agencies especially for criminal
investigation.
April 17th Presentations
Privacy Technologies
• Jordan Smallwood – Privacy in Developed vs
Undeveloped Countries
• Neekita Salvankar - Geospatial Data and Privacy
• Kriti Jain - Blockchain and Data Privacy
• Dimple Gajra - Privacy in the Chrome Browser
• Vraj Patel - privacy-focused browsing
• Aakarsh Sharma - A Framework for Improving Data
Privacy and Security of Public Cloud-based Enterprise
Resource Planning Systems - Privacy in Cloud
Computing
Global Security Policies of Major Nations
Jordan Smallwood
Denmark
Legal Environment (legislative and regulatory efforts):
• The Danish Act on Network and Information Security of Domain Name Systems and Certain Digital Services (Critical Infrastructure)
• The General Data Protection Regulation (Data Protection)
• The Danish Companies Act (Corporate Oversight)
• The Danish Copyright Act (Intellectual Property)
Technical Competence (countrywide technology standards):
• Currently #1 in cybersecurity
• Never outside of top 5
• Highly digital society
• Top 5 in cryptography
• Centralized digital IDs
• Innovative in automatic threat detection
Strategy (national strategy and support agencies):
• Everyday Safety
• Better Competencies
• Joint Efforts
Education (country-sponsored education for citizens, R&D):
• This is Denmark’s weakness
• Not a lot of political support for educating the populace
• However, general digital education is high
Cooperation (how it relates with other countries and their cybersecurity policies):
• Centre for Cyber Security (CFCS) works with Defence Intelligence
• Denmark sees itself as European cybersecurity leader
• 2019/2020 international policy is strong cooperation with US given similar threat vectors
Japan
Legal Environment (legislative and regulatory efforts):
• Japan Institute for Promotion of Digital Economy and Community (JIPDEC)
• Personal Information Protection Act
• Basic Cybersecurity Act
Technical Competence (countrywide technology standards):
• Large workforce gap
• Cybersecurity and IT professionals are highly trained and well compensated
• Aging population causing Japan to lose ground in technical competence past 2 years
Strategy (national strategy and support agencies):
• Mission Assurance of Service Providers
• Risk Management
• Participation, Coordination, and Collaboration
Education (country-sponsored education for citizens, R&D):
• Article 15 of the Cyber Security Act
• Education is a large portion of country strategy
Cooperation (how it relates with other countries and their cybersecurity policies):
• Strong cooperation with other countries
• Mainly a support player compared to major nations
• Needs larger nations to protect them from shared enemies
Canada
Legal Environment (legislative and regulatory efforts):
• Very underdeveloped when it comes to citizen to citizen
• Most laws relate to citizens’ privacy from government and businesses
• Personal Information Protection and Electronic Documents Act (PIPEDA)
Technical Competence (countrywide technology standards):
• Made commitment in 2010 to improve technical competence
• Reduced state sponsored security attacks every year since
• $1.7B of GDP, growing at 66%
Strategy (national strategy and support agencies):
• Security and Resilience
• Cyber Innovation
• Leadership and Collaboration
Education (country-sponsored education for citizens, R&D):
• Not really any around cybersecurity
• Primarily focused on STEM
Cooperation (how it relates with other countries and their cybersecurity policies):
• Trying to be key partner in: Quantum Computing, Blockchain
United Kingdom
Legal Environment (legislative and regulatory efforts):
• Among the strongest cybersecurity laws
• GDPR
• Strongest against businesses
Technical Competence (countrywide technology standards):
• Low technical competence compared to other major nations
• Good at setting standards, but not the technical details of standards
Strategy (national strategy and support agencies):
Education (country-sponsored education for citizens, R&D):
• Spending significantly to improve education
• Large skills gap in domestic industry
Cooperation (how it relates with other countries and their cybersecurity policies):
• Standard partner
• Usually the global moral voice
• Doesn’t get involved in defending other countries
United States
Legal Environment (legislative and regulatory efforts):
• Strong cybersecurity laws
• The only country that tries to operate as a global judge
• Businesses have most legal influence in US
Technical Competence (countrywide technology standards):
• Typically top 5 - best minds immigrate here
• Pioneers or partners for most cybersecurity innovations
• Domestic standards inform global standards
Strategy (national strategy and support agencies):
• Protect the American People, the Homeland, and the American Way of Life
• Promote American Prosperity
• Preserve Peace Through Strength
• Advance American Influence
Education (country-sponsored education for citizens, R&D):
• Among top educators of cybersecurity talent
• Significant publisher of academic research
Cooperation (how it relates with other countries and their cybersecurity policies):
• Very cooperative
• Many allies
• Chaotic good player
Appendix
https://www.comparitech.com/blog/vpn-privacy/cybersecurity-by-country/
https://www.secureworldexpo.com/industry-news/countries-dedicated-to-cybersecurity
https://www.nextgov.com/cybersecurity/2019/02/which-country-has-best-cybersecurity-it-isnt-us/154794/
https://www.usnews.com/news/best-countries/articles/2019-02-01/china-and-russia-biggest-cyber-offenders-since-2006-report-shows
https://www.forbes.com/sites/daveywinder/2020/03/03/us-drops-from-5th-to-17th-most-cyber-secure-country-study-shows/#58f15274c697
Neekita Salvankar
INF 529 – SPRING 2020
OUTLINE
Applications which use location data
Why do we use LBS?
How do Location-Based Services determine user’s location?
What data do these services collect?
What can we infer from location-based data?
Some location-based privacy breaches
What Information Does Your Service Provider Collect And Store?
System Architectures for Online Location Privacy
Nearest-Neighbor k-Anonymizing
Role of LBS in contact tracing
Legal Privacy Protections for Location-Based Services
Statutory Protections for Location-Based Services
Reinforcing Privacy Protections for LBS
Privacy Fixes: Simple Ways to Protect Data
References
Location based services (LBS)
Why LBS?
LBS stands for Location-based services.
They are applications that provide information to users based on their location.
They provide tailored services as you move from one place to another.
LBS provide services with the best efficiency – but at the cost of privacy.
The more we try to protect our privacy – the less customization we receive.
How do Location-Based Services determine user’s location?
Cell tower-based identification: Cell phones can determine their own location based on nearby cell-relay towers and provide this information to LBS running on the phone. Currently this information is accurate to within 100 meters.
Global Positioning System (GPS): GPS-enabled devices receive signals from a network of satellites and use trilateration to get the device’s location. GPS location information is accurate to within 20 meters.
WiFi Triangulation: Some devices and services determine location by surveying signals of nearby wireless networks and comparing those signals to a list of known wireless access points. WiFi Triangulation is accurate to within 200 meters.
Internet Protocol (IP) Address Approximation: Any website or Internet-based service can approximate a device’s location based on its IP address, which roughly maps to geographic location. The precision of IP approximation varies; generic addresses may only identify a given metro area, while certain IP addresses can identify a specific university campus or other location.
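As an added worked example (not from the slides), the Python script below shows the trilateration step behind the GPS and cell-tower methods: three fixed anchors with known coordinates and measured ranges are combined into a 2-D position, and a small simulation shows how noise in the ranges becomes the kind of positioning error budget quoted above ("within 20 meters", "within 100 meters"). The anchor coordinates, the device position and the noise levels are constructed sample values.

```python
"""Added example: 2-D trilateration from three anchors with known positions.

The anchors stand in for cell towers or Wi-Fi access points whose coordinates
are known; the ranges stand for distances estimated from signal timing or
strength.  All coordinates (metres, local planar frame) are constructed.
"""
import math
import random


def ranges_from(anchors, point):
    """Ideal (noise-free) distances from a point to each anchor."""
    return [math.hypot(point[0] - ax, point[1] - ay) for ax, ay in anchors]


def trilaterate(anchors, ranges):
    """Solve for (x, y) given three anchors and three ranges.

    Each anchor i gives a circle (x-xi)^2 + (y-yi)^2 = di^2.  Subtracting the
    first circle from the other two cancels the x^2 and y^2 terms and leaves a
    2x2 linear system, solved here with Cramer's rule.
    """
    (x1, y1), (x2, y2), (x3, y3) = anchors
    d1, d2, d3 = ranges
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1 ** 2 - d2 ** 2 + x2 ** 2 - x1 ** 2 + y2 ** 2 - y1 ** 2
    b2 = d1 ** 2 - d3 ** 2 + x3 ** 2 - x1 ** 2 + y3 ** 2 - y1 ** 2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        # Collinear anchors: the circle intersections are mirror-ambiguous
        raise ValueError("anchors are collinear; position is not unique")
    x = (b1 * a22 - a12 * b2) / det
    y = (a11 * b2 - a21 * b1) / det
    return x, y


def mean_position_error(anchors, true_pos, range_sigma_m, trials=2000, seed=1):
    """Average distance between the true and the estimated position when each
    range carries zero-mean Gaussian noise with standard deviation range_sigma_m.
    This is the kind of figure behind statements such as 'accurate to within 20 m'."""
    rng = random.Random(seed)  # seeded so the simulation is repeatable
    clean = ranges_from(anchors, true_pos)
    total = 0.0
    for _ in range(trials):
        noisy = [d + rng.gauss(0.0, range_sigma_m) for d in clean]
        ex, ey = trilaterate(anchors, noisy)
        total += math.hypot(ex - true_pos[0], ey - true_pos[1])
    return total / trials


# Constructed sample: three towers on a 1 km grid and a device at (300, 400)
SAMPLE_ANCHORS = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0)]
SAMPLE_DEVICE = (300.0, 400.0)

if __name__ == "__main__":
    est = trilaterate(SAMPLE_ANCHORS, ranges_from(SAMPLE_ANCHORS, SAMPLE_DEVICE))
    print("noise-free estimate:", est)
    for sigma in (1.0, 10.0, 50.0):
        print(f"range sigma {sigma:5.1f} m -> mean position error "
              f"{mean_position_error(SAMPLE_ANCHORS, SAMPLE_DEVICE, sigma):.1f} m")
```

The same geometry explains why a carrier can locate a handset without GPS or location services (as noted later in these slides): the towers' positions are known to the carrier, and the ranges come from the radio link itself.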
What data do these services collect?
1. User ID
2. Date
3. Time
4. Latitude
5. Longitude
6. Zip code
7. Time at location
Is location tracked while you are not using the application?
Depends on settings on the phone
Not if your cell is switched off
Location services or GPS are irrelevant. The only thing that is needed is for your phone to be active on the carrier’s network. The carrier can use their cell towers to triangulate your position
What can we infer from location-based data?
Location information collected from consumers, knowingly and unknowingly, can reveal far more than just a consumer’s latitude and longitude
Knowing where a consumer is can mean knowing what he is doing – like attending a religious service or a support meeting, visiting a doctor’s office, shopping for an engagement ring.
It can also reveal:
1. with whom he spends time, and how often
2. his regular habits and routines, when location data is aggregated—and when he deviates from them
Uber’s controversial feature
Uber introduced a feature in 2016 that always enabled the app to collect location data from its users.
If you had the app installed on your mobile device, it would track you during a ride, and for five minutes after you reach your destination.
Although Uber stated they are doing this in order to improve their service, location tracking could give them much more info.
They could find out your daily routes, which way you go after a fare and your habits just by following you around in the background.
The story ended with Uber agreeing to encrypt user location data while it is sent to Uber’s servers, and while it is moved between them.
Some employees used the data to track ex-girlfriends and boyfriends, as well as some celebrities, the company’s officials tracked journalists, and the company is known for its poor security practices regarding private data.
Snapchat's Poor Security Practices
More than 4.6 million Snapchat users were affected by a data breach in 2014, exposing their usernames and numbers, as well as their locations.
With the release of Snap Map, the social feature showing all your Snapchat friends’ locations on a digital map, things became much worse.
The problem is that the app isn’t a full social network, thus leading to many users having Snapchat friends they have never seen or met in person. And when you combine Snap Map with having many friends you never actually met, you have a big issue.
Snap Map can be great, but it can also be a huge security risk. Your private location data can be seen by anyone you befriended on Snapchat because the company didn’t explain to users that their location is shared automatically on Snap Map every time they open the app.
An App That Reveals Tinder Users’ Locations
The app, called Tinderfinder, was able to pinpoint each user on a map, showing their exact location.
This was done by exploiting a massive flaw in Tinder’s security.
Tinder had stated that its users’ location data was always encrypted, except it was not.
This allowed Tinderfinder to pinpoint any user on a map by simply triangulating their position based on the data available on every smartphone running the app.
Some other location-based privacy breaches
McDonald’s India Leaking User Location Data: one payments company discovered a leaky API inside a McDelivery mobile app that uncovered many forms of private data of the app’s users.
Amazon’s S3 cloud storage service: Security researchers working for Kromtech discovered that more than 540,000 GPS tracker devices’ data, stored on S3, could be freely accessed online because of inadequate security measures. Leaked records include the trackers’ IMEI numbers and their locations, along with complete GPS data logs.
What Information Does Your Service Provider Collect And Store?
Service providers (like AT&T, Sprint, Verizon, and T-Mobile) collect data but are not forthcoming in detailing exactly what data they collect, the reasons they collect it, and their data retention policies.
At the very least, smartphone service providers collect the following:
▪ Incoming and outgoing calls: the phone numbers you call, the numbers that you receive calls from, and the duration of the call;
▪ Incoming and outgoing text messages: the phone numbers you send texts to and receive texts from;
▪ How often you check your e-mail or access the Internet;
▪ Your location.
Service Providers not only store and collect our data, but also sell it
In 2018, four of the largest U.S. cell carriers were caught selling and sending real-time location data of their customers to shady companies that sold it on to big spenders, who would use the data to track anyone “within seconds” for whatever reason they wanted.
At first, little-known company LocationSmart was obtaining (and leaking) real-time location data from AT&T, Verizon, T-Mobile and Sprint
They were selling access through another company, 3Cinteractive, to Securus, a prison technology company, which tracked phone owners without asking for their permission.
Another player in the location-tracking business is Zumigo. A payment of $300 and a phone number was enough for a bounty hunter to track down the participating reporter by obtaining his location using Zumigo’s location data; Zumigo was continuing to pay for access from most of the carriers.
Zumigo sold that data on — like LocationSmart did with Securus — to other companies, like Microbilt, a Georgia-based credit reporting company, which in turn sells that data on to other firms that want that data.
T-Mobile’s Privacy Policy
T-Mobile states they share our personal data with the following:
1. With Your Consent or at your Direction
2. To the Primary Account Holder
3. To Provide Special Discounts
4. To Our Service Providers
5. To Identity Verification and Fraud Prevention Services
6. Caller ID Providers
7. In a Business Transfer or Transaction
8. For Legal Process & Protection
Role of LBS in Contact Tracing
It may be possible that the victim/patient is not able to identify every person he/she interacted with at a place.
This is when LBS and its data comes into picture.
LBS can help to determine which users were present at the same place and at the same time as the victim.
This way, it is easier to identify people possibly infected because of the patient, get them tested, keep them in isolation and thus prevent the spread.
Application – Coronavirus tracking app that puts privacy first
Initiative by Professor Cyrus Shahabi and his lab members.
They are working on a contact-tracing app that aims to answer the question: based on my location trails, what is my risk of being infected with coronavirus?
The app allows users to enter symptoms and locations visited, and provides an individualized risk analysis, identifying potential hot spots.
It could help officials trace where the virus is going and alert nearby people automatically, advising testing or temporary isolation.
The project is proposed for a National Science Foundation Rapid Response Research award, which was created in response to emergency cases such as the coronavirus pandemic.
System Architectures for Online Location Privacy
Third trusted party architecture: A centralized trusted entity is responsible for gathering information and providing the required privacy for each user. Analogous to output perturbation.
Client-Server architecture: Users communicate directly with the server with noisy locations. Analogous to input perturbation.
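As an added example (not from the slides), the Python code below shows the client-server architecture with input perturbation end to end: the client adds planar Laplace noise (the geo-indistinguishability mechanism of Andres et al., CCS 2013, which appears in the references) to its own coordinates, asks the server for a deliberately enlarged neighbourhood, and filters the answer locally against its true position. The server only ever sees the noisy point. The privacy parameter, the query radius and the points of interest are constructed sample values; the "slack" of 10/epsilon is an assumption chosen so the true neighbourhood is almost always covered.

```python
"""Added example: client-side input perturbation for the client-server
architecture.  The client adds planar Laplace noise (geo-indistinguishability)
to its coordinates before contacting the server, then filters the server's
answer locally.  Coordinates are metres in a local planar frame; the POI set
is constructed sample data.
"""
import math
import random


def planar_laplace_noise(epsilon, rng):
    """Draw a 2-D offset from the planar Laplace distribution.

    Its radius follows Gamma(shape=2, scale=1/epsilon) and its direction is
    uniform on the circle, so the expected displacement is 2/epsilon metres.
    A smaller epsilon hides the user within a larger area at the cost of
    accuracy: this is the privacy/customization trade-off from the slides.
    """
    r = rng.gammavariate(2.0, 1.0 / epsilon)
    theta = rng.uniform(0.0, 2.0 * math.pi)
    return r * math.cos(theta), r * math.sin(theta)


def perturb(point, epsilon, rng):
    dx, dy = planar_laplace_noise(epsilon, rng)
    return point[0] + dx, point[1] + dy


def mean_displacement(epsilon, samples=20000, seed=0):
    """Empirical mean distance between the true and the reported position."""
    rng = random.Random(seed)
    return sum(math.hypot(*planar_laplace_noise(epsilon, rng))
               for _ in range(samples)) / samples


def server_nearby(pois, center, radius):
    """Server side: it only ever sees the noisy centre and the enlarged radius."""
    return [p for p in pois
            if math.hypot(p[0] - center[0], p[1] - center[1]) <= radius]


def client_query(true_pos, pois, radius, epsilon, rng, slack_factor=10.0):
    """Client side: perturb, ask for a larger area, then filter locally.

    The query radius is enlarged by slack_factor/epsilon (an assumed choice) so
    that the true neighbourhood is almost surely covered: the displacement
    exceeds 10/epsilon with probability about 5e-4.  The extra candidates are
    the bandwidth price of privacy.  Returns (result, candidates_downloaded).
    """
    noisy = perturb(true_pos, epsilon, rng)
    candidates = server_nearby(pois, noisy, radius + slack_factor / epsilon)
    result = [p for p in candidates
              if math.hypot(p[0] - true_pos[0], p[1] - true_pos[1]) <= radius]
    return result, len(candidates)


# Constructed sample: a 5x5 grid of points of interest 500 m apart
SAMPLE_POIS = [(500.0 * i, 500.0 * j) for i in range(5) for j in range(5)]


def demo_query(epsilon=0.01, radius=600.0, seed=7):
    """One private query from (1000, 1000) against the sample POIs.

    Returns the exact answer, the privately obtained answer, and how many
    candidates the client had to download to get it.
    """
    rng = random.Random(seed)
    true_pos = (1000.0, 1000.0)
    exact = server_nearby(SAMPLE_POIS, true_pos, radius)
    private, downloaded = client_query(true_pos, SAMPLE_POIS, radius, epsilon, rng)
    return sorted(exact), sorted(private), downloaded


if __name__ == "__main__":
    exact, private, downloaded = demo_query()
    print("exact:", exact)
    print("private:", private, "candidates downloaded:", downloaded)
    print("mean displacement at epsilon=0.01:", round(mean_displacement(0.01), 1), "m")
```

With epsilon = 0.01 per metre the reported position is on average 200 m from the true one, which is why the client must download a much larger candidate set than the five points it actually wants.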
Nearest-Neighbor k-Anonymizing
Quad trees; K-Anonymization
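As an added example (not from the slides), this Python code shows what the trusted third-party anonymizer does with a quadtree to achieve k-anonymity: it descends from the whole map towards the user's own quadrant and stops at the smallest cell that still holds at least k users, and that cell, rather than the exact coordinates, is what goes to the LBS. The user positions, the map bounds and the values of k are constructed sample data.

```python
"""Added example: quadtree-based spatial k-anonymity as run by a trusted
third-party anonymizer that knows every user's exact position.

The anonymizer replaces a user's coordinates with the smallest quadtree cell
containing at least k users, so the LBS cannot tell which of those k users
issued the query.  Cells are half-open boxes (xmin, ymin, xmax, ymax); all
positions are constructed sample data on a 1024 x 1024 m map.
"""


def in_cell(point, cell):
    xmin, ymin, xmax, ymax = cell
    return xmin <= point[0] < xmax and ymin <= point[1] < ymax


def members(points, cell):
    """Indices of the users whose positions fall inside the cell."""
    return [i for i, p in enumerate(points) if in_cell(p, cell)]


def child_containing(cell, point):
    """The quadrant of the cell that holds the point (quadtree subdivision)."""
    xmin, ymin, xmax, ymax = cell
    midx, midy = (xmin + xmax) / 2.0, (ymin + ymax) / 2.0
    x0, x1 = (midx, xmax) if point[0] >= midx else (xmin, midx)
    y0, y1 = (midy, ymax) if point[1] >= midy else (ymin, midy)
    return (x0, y0, x1, y1)


def cloak(points, target, k, bounds=(0.0, 0.0, 1024.0, 1024.0), max_depth=20):
    """Return the smallest quadtree cell around points[target] with >= k users.

    Descends from the root while the child quadrant containing the target
    still holds k or more users; the last such cell is the cloaking region.
    max_depth bounds the descent when many users share one position.
    """
    if len(members(points, bounds)) < k:
        raise ValueError("fewer than k users on the whole map; cannot cloak")
    cell = bounds
    for _ in range(max_depth):
        child = child_containing(cell, points[target])
        if len(members(points, child)) < k:
            break
        cell = child
    return cell


def anonymity_set(points, target, k, **kwargs):
    """Users the LBS cannot distinguish the target from, given the cloaked cell."""
    return members(points, cloak(points, target, k, **kwargs))


# Constructed sample: a small cluster in the south-west corner and a few
# scattered users elsewhere (metres from the map origin)
SAMPLE_USERS = [(100.0, 100.0), (110.0, 105.0), (90.0, 95.0),
                (900.0, 900.0), (850.0, 870.0), (50.0, 600.0)]

if __name__ == "__main__":
    for k in (2, 3, 4):
        cell = cloak(SAMPLE_USERS, 0, k)
        print(f"k={k}: cloaked region {cell}, hides among users "
              f"{members(SAMPLE_USERS, cell)}")
```

Note the trade-off the slides describe: raising k from 3 to 4 for the sample user forces the cell out of the 64 m cluster cell to the entire map, because no smaller quadrant holds four users. The anonymizer is a single point of trust (it sees every true position), which is what the client-server architecture with noisy locations avoids.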
Legal Privacy Protections for Location-Based Services
Privacy laws are mired in the past and fail to provide the necessary legal protections for this sensitive information.
Court decisions over the past 40 years leave it unclear whether the Constitution requires law enforcement officers to obtain a judicially-approved search warrant before accessing the various types of information that may be collected by LBS.
Because location-based technology is so new and the judicial process moves slowly, courts have yet to address the specific issue of how constitutional protections apply to the type of information held by LBS.
Legal Privacy Protections for Location-Based Services
The Supreme Court has not addressed location privacy since the 1980s, when the tracking technologies available were much cruder.
In cases from that era, the Court held that the government must obtain a warrant before using technology to infer facts about “location[s] not open to visual surveillance,” but that no warrant was necessary to track someone in purely public locations.
Modern technologies make it possible to track an individual in detail over a prolonged period, 24 hours a day.
Ultimately, the only thing that is clear about constitutional protections for LBS information is the lack of clarity. In the absence of clear constitutional protection, consumers may need to rely on other avenues, such as statutory protections, to safeguard the privacy of their LBS information.
Statutory Protections for Location-Based Services
The primary federal law that should—but does not—provide clear statutory protection for LBS information is the Electronic Communications Privacy Act (ECPA).
Congress was concerned that information in the control of third parties “may be open to possible wrongful use and public disclosure by law enforcement authorities as well as unauthorized private parties” and designed ECPA to provide statutory protection for electronic communications and records (in transit or in storage) to supplement the protections offered by the Constitution
Unfortunately, ECPA was enacted in 1986, back when available technologies included a two-pound cell phone and the World Wide Web did not even exist.
ECPA did not anticipate many of the technologies that we use today and the sensitive personal information that would be collected and stored by these services.
Statutory Protections for Location-Based Services
It is particularly difficult to apply an outdated law such as ECPA to the rapidly evolving world of LBS.
In addition to providing questionable privacy protections, ECPA also lacks a mechanism to provide transparency or recordkeeping around demands for LBS information.
Unlike a traditional search of a house or physical space, demands for electronic records from a third party can be carried out easily without the subject’s knowledge and are often issued under seal or subject to a gag order.
Sealed surveillance applications are not made public so only the court and the government knows about them. Because the government is not motivated to move to unseal the orders or reveal how often these demands are made, they may never become public.
While a suspect who is eventually charged with a crime may become aware of surveillance through the discovery process, innocent people may never find out that they too were subject to surreptitious tracking.
Reinforcing Privacy Protections for LBS
LBS Providers Should Establish and Follow Robust Privacy Practices: LBS providers should think carefully about what information to collect and for how long to retain and use it to avoid privacy disasters, security breaches, and time-consuming demands for information from the government or third parties down the line.
LBS Providers Should Protect User Information with All Available Technical Tools: Companies can also improve trust in LBS by using technological tools that protect user privacy. LBS should provide controls that allow users to view, edit, and delete their own information, including choosing which (if any) other users or services can access their information. LBS should also routinely delete data and use effective anonymization and blurring procedures that do more than remove obvious identity markers.
Reinforcing Privacy Protections for LBS
LBS Providers Should Push for Updated Privacy Law: LBS providers should actively engage with policymakers and push for updates to ECPA and other legal reforms that clarify and strengthen the legal protections for consumers. It is good both for the public and for business to have strong and clearly defined protections for the information that LBS collect, use, and retain.
Privacy Fixes: Simple Ways to Protect Data
01 Strip Location Data From Your Photos
02 Limit GPS Tracking
03 Choose landmarks for pickup/drop when using Uber/Lyft
04 Watch out for Bluetooth vulnerability
05 Use ‘Only while using App’ option to share data with services
References
Professor Cyrus Shahabi’s CSCI 587 : Geospatial Information Management class
George Danezis Data & Query Anonymization GA17
Kobbi Nissim, et al. Differential Privacy: A Primer for a Non-technical Audience. February 14, 2018
[Andres et. al., CCS 2013] Andres et. al. “Geo-indistinguishability: differential privacy for location-based systems” CCS 2013
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
https://turtler.io/news/top-11-worst-location-data-privacy-breaches
https://www.consumerreports.org/privacy/30-second-privacy-fixes/
https://us.norton.com/internetsecurity-how-to-ten-ways-to-keep-your-data-private.html
https://consumercal.org/about-cfc/cfc-education-foundation/what-information-does-your-service-provider-collect-and-store/
https://techcrunch.com/2019/01/09/us-cell-carriers-still-selling-your-location-data/
https://www.t-mobile.com/privacy-center/our-practices/privacy-policy
https://techxplore.com/news/2020-04-coronavirus-tracking-app-privacy.html
Blockchain and Data Privacy
Presented By: Kriti Jain
TOC
OVERVIEW
BLOCKCHAIN vs DATA PRIVACY REQUIREMENTS
PRIVACY AND SECURITY TECHNIQUES TO BE USED IN BLOCKCHAIN
FUTURE SCOPE
Overview of Blockchain
“A blockchain is a shared database that records transactions between two parties in an immutable ledger.”
Its building blocks are:
● hash-chained storage,
● digital signatures, and
● the commitment consensus for adding a new block to the globally chained storage.
How does Blockchain work
POTENTIAL CONFLICTS BETWEEN BLOCKCHAIN & DATA PRIVACY LAWS
1. Anonymity, Pseudonymity, and Privacy Law Applicability
2. Data Controller and Data Processor Identification
3. Territorial Considerations
4. Cross-Border Data Transfers
5. Legitimate Reasons for Processing Personal Data
6. Immutability and Individuals’ Rights
ANONYMITY, PSEUDONYMITY, AND PRIVACY LAW APPLICABILITY
Anonymity
● The private keys allow for access,
● The public key is an address for inter-user transaction detached from any personally
identifying elements.
When is data personal in terms of GDPR and CCPA?
The CCPA and GDPR define personal information to include:
● “online identifiers,”
● unique identifiers that encompass “persistent or probabilistic identifiers that can
be used to identify a particular consumer or device”
Cookie IDs that are enriched with further information – traffic data or metadata – are also personal data.
Methods exist for linking individuals to public keys by analyzing blockchain transactions and other publicly available data.
Are IP addresses personal data?
Complying with the data privacy laws:
● Reduce the risk of identifying individual participants
● Introducing alternative cryptographic approaches.
● Carefully assessing specific blockchain implementation details.
● Reviewing potential re-identification methods and risks.
● Monitoring emerging guidance.
DATA CONTROLLER AND DATA PROCESSOR IDENTIFICATION
Who is the actual Data Controller for the data processing in blockchain?
In the Public Blockchain:
● The developer? No
● The initiator of a transaction? Yes
● The miner and the node operator ?
Each public blockchain node independently processes the same transaction data set, at least during the block
verification process. This might lead to classification of each blockchain node as a “joint controller” under the GDPR.
In the Private Blockchain:
● The developer ? No
● The initiator of a transaction? Yes
● A central operator or consortium likely qualifies as joint controller if they:
○ Have control over the blockchain system, like a traditional system architecture.
○ Determine the purposes and means for any personal data processing.
Public vs Private Blockchain
CNIL Guidance
● Participants that have full writing rights to enter transactions on the blockchain and to send the data for validation to miners.
● Accessors that may retain full copies of a blockchain but have read-only rights.
● Miners that validate transactions and create new blocks according to the implementation’s governance model.
TERRITORIAL CONSIDERATIONS
Data privacy laws often apply as follows:
● The CCPA - the personal information of California residents.
● The GDPR to personal data processing:
○ By either controllers or processors established in the EU or the broader EEA;
○ Involves offering individuals goods or services in the EU;
○ Online behavioral monitoring of individuals in the EU.
Jurisdiction problems
● Private blockchains: it is easier to create a legal framework and internal governance structure.
● Public blockchains: significant overhead costs; common public-private key pairing for encryption may bring many regimes into scope.
CROSS-BORDER DATA TRANSFERS
● Raises tensions
● GDPR requires specific safeguards in the recipient jurisdiction to ensure the same or an adequate level of protection.
Basis of cross-border data transfers
How to implement safeguards ?
● Normally require some centralized compliance program to implement them.
● Are especially difficult to consider implementing in public blockchains with
their undefined participant groups
Example of cross border data transfer in blockchain project
LEGITIMATE REASONS FOR PROCESSING PERSONAL DATA
● Consent
● Contract
● Legal obligation
● Weighing of interests
● Public interest
● Legitimate interest
Implications of data processing on lawful basis
Summary of lawful basis vs legal rights
IMMUTABILITY AND INDIVIDUALS’ RIGHTS
Data privacy laws increasingly grant individuals rights to:
1. Regain a measure of control over personal data.
2. Protect personal data from monetization or exploitation without their consent or other
justification
Erasure of blockchain data ?
1. A backward deconstruction of the blockchain up to and including the targeted record.
2. A reconstruction of the blockchain from the point of the deleted data forward.
Major conflict : The right to deletion or the right to be forgotten
Blockchain simply does not provide for the option that anything should be deleted – this is also a security feature of blockchain.
GDPR-Blockchain Compliant Architecture
Potential steps for achieving data protection compliance in Blockchain
1. Evaluating blockchain technology
2. Preferring private or permissioned blockchains
3. Privacy by design
4. Adopting data encryption and destruction techniques to
protect personal data.
USE PERMISSIONED BLOCKCHAINS TO SUPPORT GOVERNANCE MODELS
■ Authorizing a selected number of vetted and approved participants.
■ Reducing and regulating the amount of personal data
■ Allocating data processing responsibility and accountability.
■ Managing cross-border data transfers.
■ Deploying data processing agreements between those playing controller
and processor roles
AVOID OR LIMIT PERSONAL DATA STORED ON BLOCKCHAINS
○ How to Stay Anonymous on the Blockchain ?
■ Mixing/Tumbling
■ Tor/Onion Routing
■ CoinJoin
Privacy-friendly blockchain techniques
● Combine on-chain and off-chain storage
● Adding noise to blockchain data
● Groups of encryption keys
● Usage of emerging MimbleWimble protocol and cryptocurrency GRIN
USE ALTERNATIVE DATA ENCRYPTION AND DESTRUCTION APPROACHES
1. Hashing or other irreversible data transformations.
2. Destruction of separately stored hashing or encryption keys.
3. Revocation of access rights
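As an added example (not part of the presentation), the Python code below ties together the hash-chained storage from the overview, the "combine on-chain and off-chain storage" technique, and items 1 and 2 above: each block carries only a keyed hash (HMAC-SHA256) of a personal record while the record and its per-record key live off-chain, so erasure is done by deleting the record and destroying its key. The chain is never rewritten, yet the surviving on-chain value can no longer be checked against guesses or linked to a person. The ledger class, the record identifiers and the personal records are constructed for this example.

```python
"""Added example: a hash-chained ledger that keeps personal data off-chain.

Each block stores only a keyed hash (HMAC-SHA256) of a personal record, with
the record and its per-record key held off-chain.  Erasing the record and
destroying its key leaves a commitment on the chain that no longer reveals or
links to anyone, while the chain stays intact and verifiable.  The records
are constructed sample data.
"""
import hashlib
import hmac
import json
import secrets


class Ledger:
    def __init__(self):
        self.blocks = []      # on-chain: append-only, hash-chained
        self.off_chain = {}   # record_id -> (key, personal_data), deletable
        self._append({"type": "genesis"})

    @staticmethod
    def _block_hash(block):
        # Hash every field except the hash itself, in a canonical encoding
        payload = {k: v for k, v in block.items() if k != "hash"}
        encoded = json.dumps(payload, sort_keys=True).encode()
        return hashlib.sha256(encoded).hexdigest()

    def _append(self, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"index": len(self.blocks), "prev_hash": prev, **payload}
        block["hash"] = self._block_hash(block)
        self.blocks.append(block)
        return block

    @staticmethod
    def _commitment(key, personal_data):
        # Keyed hash: without the key the value cannot be tested against
        # guesses, which a plain SHA-256 of a name or address would allow
        return hmac.new(key, personal_data.encode(), hashlib.sha256).hexdigest()

    def commit(self, record_id, personal_data):
        """Store the data off-chain and only its keyed hash on-chain."""
        key = secrets.token_bytes(32)
        self.off_chain[record_id] = (key, personal_data)
        return self._append({"type": "record", "record_id": record_id,
                             "commitment": self._commitment(key, personal_data)})

    def verify_chain(self):
        """Recompute every block hash and check each prev_hash link."""
        for i, block in enumerate(self.blocks):
            if block["index"] != i or block["hash"] != self._block_hash(block):
                return False
            if i > 0 and block["prev_hash"] != self.blocks[i - 1]["hash"]:
                return False
        return True

    def verify_record(self, record_id):
        """True only while the off-chain data and key still exist and match."""
        if record_id not in self.off_chain:
            return False
        key, data = self.off_chain[record_id]
        expected = self._commitment(key, data)
        for block in self.blocks:
            if block.get("type") == "record" and block.get("record_id") == record_id:
                return hmac.compare_digest(block["commitment"], expected)
        return False

    def erase(self, record_id):
        """Right to erasure: delete the data and destroy its key.

        The on-chain commitment is untouched, so the chain still verifies;
        an erasure block records that the deletion happened.
        """
        self.off_chain.pop(record_id, None)
        return self._append({"type": "erasure", "record_id": record_id})


if __name__ == "__main__":
    ledger = Ledger()
    ledger.commit("r1", "Alice Example, 1 Main Street")   # constructed data
    ledger.commit("r2", "Bob Example, 2 High Street")
    print("chain valid:", ledger.verify_chain(), "r1 provable:", ledger.verify_record("r1"))
    ledger.erase("r1")
    print("after erasure, chain valid:", ledger.verify_chain(),
          "r1 provable:", ledger.verify_record("r1"))
```

Editing a block's commitment after the fact breaks the chain, which is the immutability property the slides describe; erasing the off-chain record and key does not, which is how the right to deletion can be honoured without the backward deconstruction and reconstruction described above.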
Blockchain GDPR compliance
THE FUTURE OF BLOCKCHAIN PRIVACY MANAGEMENT
Gartner’s Prediction - By 2023, over 25% of GDPR-driven, proof-of-consent implementations will involve blockchain technology. This is an increase from less than 2% in 2018.
News Article 1
“A blockchain ID system adopts a user-centric approach, eliminating central points of failure by empowering individuals with self-sovereign possession over their own data.” [7]
[8]
References
1. https://en.wikipedia.org/wiki/Privacy_and_blockchain#Peer-to-peer_network
2. https://arxiv.org/pdf/1903.07602.pdf
3. https://www.davispolk.com/files/blockchain_technology_data_privacy_issues_and_potential_mitigation_strategies_w-021-8235.pdf
4. https://www.finextra.com/blogposting/16102/blockchain-versus-gdpr-and-who-should-adjust-most
5. https://www.ifc.org/wps/wcm/connect/da7da0dd-2068-4728-b846-7cffcd1fd24a/EMCompass-Note-63-Blockchain-and-Legal-Issues-in-Emerging-Markets.pdf?MOD=AJPERES&CVID=mxocw9F
6. https://www.forbes.com/sites/andrewarnold/2019/01/02/heres-why-more-enterprises-are-considering-blockchain-as-data-privacy-solution/#138f2c3ccb73
7. https://www.forbes.com/sites/robertanzalone/2020/04/08/ibms-growing-blockchain-networks-could-strengthen-our-supply-chain-in-response-to-covid-19/#6db3e55667be
8. https://cointelegraph.com/news/blockchain-digital-id-putting-people-in-control-of-their-data
9. https://fintechnews.sg/30481/blockchain/singapore-canada-central-bank-backed-digital-currency/
Thank You !!
Privacy in Chrome Browser
Dimple Gajra
Contents
• Data collection
• Privacy features
• News
• References
Data collection
• Information stored locally
• Browsing history information
• Personal information and passwords
• A list of permissions that you have granted to websites.
• Cookies or data from websites that you visit
• Data saved by add-ons
• A record of what you downloaded from websites
• Google Location Services may include:
• The Wi-Fi routers closest to you
• Cell IDs of the cell towers closest to you
• The strength of your Wi-Fi or cell signal
• The IP address that is currently assigned to your device
• Searches stored in Google account
• Audio recordings
• Autofill passwords and URL of the site (anonymous and hashed)
• Payment details
• Save information of the computer
• Usage Statistics
• preferences, button clicks, performance statistics, and memory usage
• If synced: URLs of pages, declared age and gender information
• Shared with third parties : publishers, advertisers or web developers
Information sent to Google:
Promotional tag
• Non-unique tag included when performing searches via Google (rlz=)
• measure the searches and Chrome usage
• Ctrl + Alt + T -> type rlz disable followed by the enter key, and then reboot your device.
• campaign_id=DESKTOP_FTD_TXT_GGL_US_NB_Flowers_Alone_Exact&adgroup_id=DESKTOP_FTD_TXT_GGL_US_NB_Flowers_Alone_Exact>Flowers_Alone&KW_ID=flowers&sikeywordid=43700008337640066&cvosrc=ppc.google.flowers&&adid=430417970364&gclid=EAIaIQobChMI6cHE5Mrt6AIVE6rsCh24kQYWEAAYAyAAEgLdOvD_BwE&gclsrc=aw.ds
• C:\Program Files\Google\Chrome\Application\5.0.375.38 and located rlz.dll -> rename rlz.dll to rlz.dll.bak
• Do Not Track:
  • When enabled, Chrome sends a DNT:1 HTTP header with outgoing HTTP, HTTPS and SPDY browsing traffic; sites are not obliged to honour it
  • Not available on iOS
• Bluetooth:
  • Chrome supports the Web Bluetooth API, which gives websites access to nearby Bluetooth Low Energy devices with the user's consent
  • Chrome does not let any page communicate with a device unless you explicitly consent via the device chooser prompt
• Physical Web feature:
  • Shows a list of URLs being broadcast by objects (beacons) in the environment around the user
  • Enable/disable the Physical Web option in Chrome's Privacy settings
Ad selection
• Builds on differential privacy techniques and on 5 years of anonymous telemetry information
• Federated learning shows that it is possible for your browser to avoid revealing that you are a member of a group that likes Beyoncé and sweater vests until it can be sure that the group contains thousands of other people
• SameSite cookies:
  • Adds two extra options for cookie management (in chrome://flags)
  • Improved cookie control UI in Incognito mode: third-party cookies are blocked in Incognito by default
• Google wants to create a "privacy sandbox", where websites are able to gather some information but ultimately hit a wall where the browser cuts them off
• The Privacy Sandbox proposals also aim to defeat fingerprinting
• The Privacy Sandbox moves away from the individually identifying information in third-party cookies and uses APIs in Chrome to keep the data in the browser, exposing it to marketers only when Chrome determines that the user's activity will remain anonymous
Privacy Sandbox
"Create a thriving web ecosystem that is respectful of users and private by default."
Three distinct tracks:
• Replacing functionality served by cross-site tracking
• Turning down third-party cookies
• Mitigating workarounds
Replacing functionality served by cross-site tracking
• Combating spam, fraud and DoS
• Ad conversion measurement
• Ads targeting:
  • Contextual and first-party-data targeting fits into the proposed privacy model because it only requires first-party information: the page the user is viewing, or the user's activity on that site
  • Interest-based targeting
• Federated login
Turning down third-party cookies
• Separating first- and third-party cookies: cookies used in a cross-site context must be labelled SameSite=None and must also be marked Secure; cookies without a SameSite attribute are treated as SameSite=Lax
• Removing third-party cookies
Mitigating workarounds
• Fingerprinting:
  • Privacy Budget
  • Removing passive fingerprinting surfaces
  • Reducing entropy from surfaces
• Cache inspection: partitioning cache content
• Navigation tracking: Referer clamping
• Network-level tracking: DNS
News
• Chrome temporarily rolled back the SameSite cookie enforcement in light of the COVID-19 outbreak, so that essential services were not broken by it
• Taking steps to prevent fingerprinting
  • With a privacy budget, websites can call APIs until those calls have revealed enough information to narrow a user down to a group; once that group would become too small to preserve anonymity, further calls are cut off
• Safari's WebKit has features intended to reduce pervasive tracking, such as Intelligent Tracking Prevention (ITP), which uses machine learning to squeeze cross-site tracking by putting more limits on cookies and other website data
• Google enables DNS over HTTPS in Chrome (it can be turned on in Chrome's settings/flags)
References
• https://www.theverge.com/2020/2/11/21126427/google-chrome-privacy-tools-private-network-browser-settings
• https://www.theverge.com/2020/4/3/21207248/chrome-samesite-cookie-roll-back-update-privacy-settings
• https://www.forbes.com/sites/billybambrough/2020/04/09/billions-of-google-chrome-users-now-have-another-surprising-option/#cebf8848ee6a
• https://www.google.com/chrome/privacy/whitepaper.html#measurepromotions
• https://google.github.io/physical-web/try-physical-web
• https://blog.chromium.org/2019/08/potential-uses-for-privacy-sandbox.html
• https://www.howtogeek.com/660088/how-to-enable-dns-over-https-in-google-chrome/
• https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html
Thank you
Privacy Issues With Browsing and Increased Privacy–Focused Browsing
By Vraj Patel
INF 529
Topics Covered
▪ What information is collected by browsers and how it is used.
▪ Mitigation strategies introduced by browsers
▪ Privacy advantages and disadvantages of different browsers
▪ Private Browsing mode
▪ Tor Browser and how it differs from general-purpose browsers
Information Collected By Browsers
▪ Cookies
– Small pieces of text stored on the computer by websites.
– Advertising and tracking networks use cookies too.
– Used to show targeted ads.
– Data sold to others.
▪ Location
– Websites use geolocation to provide users with a local map or route, or to suggest a nearby restaurant or hotel.
– "Always on" geolocation settings can be harmful for privacy, especially on mobile devices.
– Geolocation data is sold to brokers.
Information Collected By Browsers (Cont.)
▪ Browser History and Search Terms
– Profiling of the user from the History and Search Terms.
– Targeted advertising.
– Browser history for sale.
Mitigations strategies introduced by browsers
▪ Google Chrome introduced better cookie controls and an anti-fingerprinting feature.
▪ Cross-site cookies in Chrome must now be explicitly labelled SameSite=None and Secure, so they only travel over HTTPS.
▪ Chrome added support for DNS over HTTPS (configurable by the user, not mandatory).
▪ Firefox added fingerprinting and cryptocurrency-mining protection.
Mitigations strategies introduced by browsers (Cont.)
▪ Firefox added a new utility to block trackers, and also shows a full report about them.
Mitigations strategies introduced by browsers (Cont.)
▪ Introduced Firefox Monitor to check whether your data is part of a known data breach.
▪ Firefox started to provide DNS over HTTPS.
▪ Chrome introduced new Same Site cookies requirements.
▪ Safari introduced Intelligent Tracking Prevention (ITP).
Privacy Analysis of Firefox Browser
Pros
▪ Open source
▪ First browser to introduce 'Do Not Track'
▪ Has Tracking Protection
▪ Phishing and malware protection
▪ Blocks reported attack websites/web forgeries
▪ Warning when installing add-ons
▪ First browser to ship DNS over HTTPS
Cons
▪ Updates only once every 28 days
▪ Instance based
▪ Does not block the ads of companies that agree to abide by Do Not Track rules
Privacy Analysis of Chrome Browser
Pros
▪ Security updates every 2 weeks
▪ Google's Safe Browsing API, which several other common browsers also use
▪ Bug bounty program
▪ Sends the "Do Not Track" request along with traffic (when enabled)
▪ Malware protection
▪ DNS over HTTPS available
Cons
▪ Browser extensions can reduce privacy
▪ Proprietary build (of the open-source Chromium), so the shipped binary cannot be fully reviewed
▪ Instance based
Privacy Analysis of Safari Browser
Pros
▪ Prevents suspicious sites from loading
▪ Runs web pages in separate processes, so malware on one web page does not affect other web pages
▪ Does not let third parties leave cache data
Cons
▪ Updates only once every 2 months
▪ The Do Not Track option does not guarantee privacy
▪ Closed source
Private Browsing
▪ The browser stores several types of information only temporarily.
▪ When the private browsing window is closed, the browser deletes that data, including the record of your visit in the browser's history, cookies, and cached image files.
▪ Keeps your browsing private from other users of the same computer; it does not hide you from the websites you visit or your network.
Disadvantage:
▪ Does not remember history and cannot keep sessions.
What information does Private Browsing not save?
▪ Form and Search Bar entries
▪ Visited pages
▪ Passwords
▪ Cookies
▪ Cached web content, offline web content and user data
▪ Download List entries
Other Privacy Focused Browsers
▪ Maxthon
▪ Brave
▪ Dooble
▪ Avira Scout
▪ Epic Privacy Browser
▪ DuckDuckGo
▪ Tor
Tor Browser
▪ Not just a browser, but an entire system: tools, the browser, APIs, and the Tor network.
▪ Traffic is routed through a random set of "Tor nodes" (relays).
▪ Passes your data through the network of relays using layers of encryption; each relay strips one layer and only learns the previous and next hop.
▪ For years it has been one of the best ways to stay anonymous and maintain privacy.
Advantages and Disadvantages of Tor
Advantages:
▪ Anonymity
▪ Continuity of service
▪ User-friendly interface
▪ Lightweight application that takes few system resources
▪ Allows access to blocked sites
▪ Can run from a USB flash drive
Disadvantages:
▪ It is really slow
▪ Some relays can be blocked by ISPs/third parties
▪ Allows users to share illegal content such as child pornography, or to run online drug sales
▪ Tor can be insecure at the exit: traffic between the exit node and the destination is no longer protected by Tor's encryption, so whoever operates or monitors the exit node can read or tamper with it unless the connection itself uses HTTPS. The exit node does not learn who you are, but it sees what you send.
Conclusion
▪ Each of these anonymizing methods can be defeated, but the more of them you add to your privacy solution, the harder it will be for another person or group to identify you.
▪ There are hundreds of thousands, if not millions, of privacy advocates who take one or more of these precautions to protect their privacy.
▪ All the browsers do a good job of hiding your internet tracks from anyone else using the same computer, if they have a casual interest or just peek in the usual locations where history and other tracks are stored.
▪ There should certainly be no obvious evidence of your website history if you use Private Browsing. However, nobody can guarantee that you are not tracked.
References
▪ https://techcrunch.com/2019/05/07/chrome-privacy-security-changes/
▪ https://blog.mozilla.org/blog/2019/10/22/latest-firefox-brings-privacy-protections-front-and-center-letting-you-track-the-trackers/
▪ https://support.microsoft.com/en-us/help/4536154/microsoft-edge-location-and-privacy
▪ https://www.theatlantic.com/technology/archive/2017/02/browsing-history-identity/515763/
▪ https://techcrunch.com/2019/04/09/mozilla-adds-fingerprinting-and-cryptocurrency-mining-protection-to-firefox/
▪ https://www.howtogeek.com/119458/htg-explains-whats-a-browser-cookie/
▪ https://vivaldi.com/blog/geolocation-privacy/
▪ https://money.cnn.com/2017/04/05/technology/online-privacy-faq/
Thank You
PRIVACY AND SECURITY IN CLOUD PLATFORMS
Framework for Improving Data Privacy and Security in Cloud-based ERP Systems
Presenter: Aakarsh Sharma
OUTLINE
1. What is ERP ?
2. Why we need to move ERP to Cloud
3. Things to Consider while moving ERP to Cloud
4. Cloud Computing Paradigm and Privacy
5. Madrid Resolution
6. Privacy Enhancing Technologies
7. Challenges to Privacy in Cloud Computing
8. Cloud ERP – Privacy Implications
9. Privacy Laws
10. What can you do ?
11. References
WHAT IS ERP – ENTERPRISE RESOURCE PLANNING ?
▪ Business management software solution which is
used by companies for collecting, storing,
interpreting and managing data from
companies’ activities such as product planning,
accounting, project management, risk
management and compliance, supply chain,
marketing and sales, products and services
delivery, budgeting and forecasting, and others
▪ Integrates processes across business functions
▪ Synchronizes Reporting and Automation
MULTIPLE SYSTEMS WITH DIFFERENT INFORMATION
SHARED AND CENTRALIZED DATABASE
Types of data an ERP holds and transacts: customer data from various sources and platforms, vendor-related data, inventory management data, budgets, payroll and sales orders, accounting and banking.
WHY IS IT WISE TO MOVE ERP TO CLOUD?
• Cloud computing is the new Zeitgeist
• Setting up on-premises ERP systems is far more expensive than a cloud setup
• A cloud platform enables more precise and profitable decisions with built-in analytics and machine learning
• The cloud provides real-time insight into day-to-day operational performance and financial trends from any device
• Adaptability to changing compliance regulations and accounting standards using revenue-management cloud services
• Risk management becomes automated with cloud-based governance, risk and compliance (GRC) tools
• Easy networking, flexibility and scalability, along with the pay-for-what-you-use model of the cloud, encourage innovation and make it easy to integrate ERP with IoT and other emerging technologies
CONCERNS RELATED TO MOVING ERPS TO CLOUD
• Moving sensitive data to a public cloud platform
• Key challenges are:
  • Uncertainty around data storage arrangements
    -> Unease among organizations about storing their data with external providers without having direct control over the data
  • Lack of control over the security protocols and standards
    -> Lack of control over the staff of the cloud provider
• Understanding the SRM, the Shared Responsibility Model for security
  • Organizations rely on cloud service providers (CSPs) to deploy better security measures
  • 3 cloud service delivery models: SaaS, PaaS and IaaS
  • Each model has a different division of responsibility with respect to personal data protection
  • SaaS: the consumer has little or no influence over how input data is processed, but should be able to rely on the cloud provider's responsibility and compliance, or can control which input they give to the SaaS
  • PaaS: a big part of the responsibility lies with the developer to use best practices and privacy-friendly tools. The developer too has to rely on the trustworthiness of the underlying PaaS
  • IaaS: the responsibility lies with the cloud user to maintain compliance controls. IaaS gives more direct control but also leaves the customer responsible for implementing technical and procedural security and resiliency measures
CLOUD COMPUTING PARADIGM AND PRIVACY
MADRID RESOLUTION
• The loss of control by cloud-service consumers represents a serious threat to data integrity, confidentiality and privacy principles. A good reference for defining universal principles for the protection of personal data and privacy is the Madrid Resolution
• This resolution was approved by data protection authorities from fifty countries, gathered in Madrid in 2009 within the framework of the 31st International Conference of Data Protection and Privacy Commissioners. It states the urgent need to protect privacy in a world without borders and to attain a joint proposal for the establishment of international standards on privacy and data protection
• Its purpose is to define a set of principles and rights guaranteeing the effective and internationally uniform protection of privacy with regard to the processing of personal data, and to facilitate the international flows of personal data inherent in a globalized world
• The basic principles that must govern the use of personal data include lawfulness and fairness, proportionality, purpose specification, data quality, openness and accountability
• These basic privacy principles are common to various countries' legislation on the matter and enjoy wide consensus in terms of their corresponding geographic, economic or legal application environments
• Moreover, the Madrid Resolution encourages States to implement proactive measures to promote better compliance with applicable privacy protection laws relating to the processing of personal data, through instruments such as procedures to prevent and detect breaches in, or adaptation of, information systems and/or technologies for the processing of personal data, particularly when deciding on the technical specifications and the development and implementation of such systems and technologies
PET – PRIVACY ENHANCING TECHNOLOGIES
There is no commonly accepted definition for the term Privacy Enhancing Technologies (PETs). In general PETs are viewed as technologies that:
➢ Reduce the risk of contravening privacy principles and legislation
➢ Minimize the amount of data held about individuals
➢ Allow individuals to retain control of information about themselves at all times
• Proactive-measure requirements can be met through the implementation of PETs, designed to safeguard the data subject's privacy and rights by protecting personal data and preventing its unnecessary and/or undesired processing
• PETs include "opacity tools/technologies", i.e. tools and technologies that strive for data minimization, such as encryption, pseudonymization and anonymization, as well as transparency enhancing tools (TETs), which provide users with information about privacy policies or grant them online access to their personal data
CHALLENGES TO PRIVACY IN CLOUD COMPUTING
• The main privacy challenges for cloud computing are:
  • Complexity of risk assessment in a cloud environment
  • Service providers cautious about offering guarantees for compliance-ready services
  • Consumers wary of adopting the services
  • Service providers promoting a simple way to move personal data irrespective of national boundaries
• A real challenge arises here in checking the data processing life cycle and its compliance with legal frameworks
• Pertinent questions need addressing in order to determine the risks to privacy and security:
  • Who are the stakeholders involved in the operation?
  • What are their roles and responsibilities?
  • Where is the data kept? How is the data replicated?
  • What are the relevant legal rules for data processing?
  • How will the service provider meet the expected level of security and privacy?
• Emergence of new business models and implications for consumer privacy
  • Technological advances in cloud computing have led to an explosion of new business models that depend on capturing consumer data at a specific and individual level and over time, including profiling, online behavioral advertising (OBA), social media services and location-based mobile services
  • The Federal Trade Commission (FTC) in its report expressed concern that this growth in data collection and use is occurring without adequate concern for consumer privacy, since the collection and use are invisible to consumers and beyond their control
  • According to the FTC, increasingly low-cost data storage will lead companies to retain the data they collect indefinitely, thereby creating the incentive and opportunity to find new uses for it. As a result, consumers' data may be subject to future uses that were not disclosed, and may not even have been contemplated, at the time of collection. In Europe, however, there are legal instruments specifying the retention period for personal data
  • A September 2008 Pew Internet data memo reported that 69 per cent of Americans had either stored data online or used web-based software applications at least once. Using a Hotmail or Gmail account for e-mail, storing Firefox or Google browser bookmarks online, sharing friendships in cyberspace on social networks such as Facebook, maintaining a blog on WordPress and storing personal videos and photos on YouTube and Flickr are just some of the ways in which many people are already "working in the cloud" every day
CHALLENGES TO PRIVACY IN CLOUD COMPUTING (CONTINUED…)
• Regulatory Compliance
• Data protection and regulatory compliance are among the top security concerns for CIOs – Chief Information Officers
• According to the Pew Internet and American Life Project, an overwhelming majority of users of cloud computing services expressed serious concern about the possibility of a service provider disclosing their data to others.
• Ninety per cent of cloud application users said they would be very concerned if the company at which their data were stored sold them to another party
• Eighty per cent indicated that they would be very concerned if companies used their photos or other data in marketing campaigns
• Sixty-eight per cent of users of at least one of the six cloud applications said they would be very concerned if companies providing such services analyzed their information and then displayed adverts to them based on their actions
CLOUD ERP – PRIVACY IMPLICATIONS
• All the data the business has collected will almost certainly cross boundaries between countries, if not continents
• Potential violation of privacy laws or regulations
• Cloud-based solutions involve distributed processing of the data, potentially exposing it to consulting or contracting companies located almost anywhere in the world
CASUALTIES DUE TO LAX CLOUD SECURITY CONTROLS
• Leniency in implementing cloud security controls can lead to major casualties in data security and privacy
• Some of the biggest data breaches in the last 5 years have been on cloud platforms, a trend that will only grow unless businesses make significant strides in strengthening their defenses to protect the infrastructure, applications and critical servers housing sensitive data hosted in the cloud
• Compromise of cloud instance credentials unlocks the door for data exfiltration
• Cloud storage and data-store products such as Amazon Web Services (S3) and Elasticsearch repeatedly saw their names surface in stories of negligent companies, in health care, hospitality, government and elsewhere, which left sensitive customer data unprotected in the open wilds of the internet, to be bought and sold by hackers who barely had to lift a finger to find it
• The healthcare industry has been one of the worst hit in the last 3 years as a result of the snowballing number of data breaches due to misconfigured cloud databases
INFAMOUS DATA BREACHES IN THE LAST 3 YEARS
• According to the UpGuard Data Breach Research Team, a misconfigured storage bucket exposed 14,000 documents containing medical, personal and financial data from Medico, a healthcare billing and insurance data processing vendor
• On June 20, 2019 the exposed Amazon S3 bucket was discovered, and UpGuard contacted the vendor the same day. Public access to the bucket was closed within hours
• The bucket contained 1.7 GB of spreadsheets, PDFs, images and text files, outlining insurance benefits and claims, medical reports and records, internal business data and legal documents. Most of the files were dated from 2018
• The researchers explained that the data related to individuals whose medical business was processed by Medico, including banking details, insurance information, Social Security numbers, and more personally identifiable information such as prescription histories. The bucket also included stored account names and default passwords
• "Every document had full personal details," researchers wrote. "Some included handwritten notes that had been scanned or faxed back into a digital format. The types of individuals were varied, but included groups like minors and veterans."
• The cloud database of Freedom Healthcare Staffing, located in Aurora, Colorado, was left with no password protection; personal information of healthcare workers and staff nurses was exposed to anyone on the internet for about a year
• Jeremiah Fowler, a researcher at Security Discovery, found that the database was left unprotected for a considerable time, leaving more than 957,000 healthcare records accessible
• The exposed data included intimate details of employees such as marital status, various internal communication records, job seeker and recruiter data, IP addresses, ports, pathways and storage data that would be a gold mine for attackers
• The network admin working for Freedom Healthcare Staffing had left the access configuration as "publicly accessible", which allows anyone to download, edit or delete data without any admin privileges
• Fowler reported that the data stored in the database included a nurse being accused of taking a patient's painkiller, hospital authorities blocking the nurses' attempt to form a union, usage of banned drugs on the premises, and more such sensitive matters
• As soon as Fowler brought the issue to the notice of the company, it was fixed by securing the database with a password and encrypting the stored data
• Recent research by the Ponemon Institute finds that attackers are increasingly interested in cloud databases, which are a gold mine for threat actors; if network admins leave the databases unprotected, it is easy for attackers to access the data and sell it on the dark web for a premium price
INFAMOUS CAPITAL ONE BREACH
What happened?
Capital One's statement: "On July 19, 2019, an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals who had applied for our credit card products."
What was the impact?
Capital One stated that the accused, Paige Thompson, had accessed about 140,000 Social Security numbers, a million Canadian social insurance numbers, 80,000 bank account numbers, and an unknown number of names and addresses of customers, along with credit scores and transaction data
Breach Analysis
• The attacker allegedly created a program in late March 2019 to scan cloud customers for a specific web application firewall misconfiguration
• The attacker's prior role as a software engineer at AWS did not lend any insider access in this case
• Once the tool found its target misconfiguration, Thompson allegedly exploited it to extract privileged account credentials for victim databases and other web applications
• On gaining access to victims' cloud infrastructure using the stolen credentials, the attacker then allegedly accessed and exfiltrated data. The indictment also claims that in some cases the attacker used this access to set up cryptocurrency mining operations using victims' cloud computing power, a practice known as cryptojacking
• The problem stemmed in part from a misconfigured open-source Web Application Firewall (WAF) that Capital One was using as part of its operations hosted in the cloud with Amazon Web Services (AWS)
• Known as "ModSecurity", this WAF is deployed along with the open-source Apache web server to provide protection against several classes of vulnerabilities that attackers most commonly use to compromise web-based applications
• The misconfiguration of the WAF allowed the intruder to trick it into relaying requests to a key back-end resource on the AWS platform
• This resource, the instance "metadata" service, hands out information about the cloud server to software running on it, including temporary credentials for the IAM role attached to that server; whoever holds those credentials can access any resource the role can access
• In AWS, exactly what those credentials can be used for hinges on the permissions assigned to the role of the resource that is requesting them. In Capital One's case, the role assigned to the misconfigured WAF instance was, for whatever reason, granted too many permissions: it was allowed to list all of the files in any bucket and to read the contents of each of those files
• Vulnerability class exploited in the Capital One breach: Server-Side Request Forgery (SSRF)
• The attacker tricks a server into making requests on the attacker's behalf to destinations the server can reach but the attacker cannot; here, the metadata service at 169.254.169.254, which only answers requests originating from inside the instance
How can security engineers and cloud service customers avoid such a breach?
• Proper configuration of WAFs, and least-privilege IAM roles for the instances that run them
• Careful choice of cloud vendors
• A clear and distinct understanding of cloud security responsibilities
• Establishment and enforcement of cloud security policies
• Meticulous configuration of databases in the cloud, together with strong encryption of data at rest using the provider's key management service
• Use intrusion detection and prevention technologies
• Secure endpoints
• Proper training of staff, and specialized knowledge of AWS in operating its services: how EC2 works, Amazon's IAM (Identity and Access Management), and how to authenticate to other AWS services
• Audit IaaS configurations regularly, and conduct routine audits and penetration testing
• Regulatory compliance is key: double-check your compliance requirements
PRIVACY LAWS
• Beyond the potential for criminal activities, there are critical personal liberty questions that are involved in the handling of private information
• Even if the information is not used for criminal purposes, the mere revelation of an individual’s private information can jeopardize careers and relationships
• The reaction of governments around the world has been to create new laws and regulations to protect the private data of individuals
• Private data is generally recognized to be information that can be used to identify a specific individual or is associated with an individual’s health history, criminal justice records, financial transactions, demographics, or even physical location.
• Violations of the laws and regulations around the management of this data can result in significant fines and even imprisonment of corporate officers.
• In some cases, the laws or regulations in place mandate strict control of the transportation of data across national boundaries
• This is particularly likely in the European Union, but other nations have similar laws and regulations. Similarly, many nations have laws or regulations mandating strict privacy training for any contracting or consulting firm with access to individual data. Both of these come into play with virtually every cloud-hosted ERP solution
WHAT CAN YOU DO ?
• Proper and rigorous education on the applicable legal and regulatory guidelines the organization needs to follow
  • These will depend on both the location of its business activities and the eventual location of the data processing itself
  • These laws are always changing, usually in the direction of more stringent controls of such data, so it is probably best to err on the side of over-protecting private data
• As part of the investigation of any cloud-based ERP solution, researching the hosting company's existing legal compliance with privacy laws and regulations is a critical step
  • Ask where the data will be processed, and seek written assurances that all contracting or consulting firms employed by the cloud-hosting company have all required training and access restrictions
  • Because data processing can easily be moved from one location to another, seek written assurances that no such movement of your company's data will occur without appropriate legal and regulatory compliance validation before the data is moved to a new location. Check the company's background for any existing legal or regulatory violations
• Review your company's data processing requirements so that processing of individual private data is done on an as-needed basis only
  • Private personal data, especially critical data such as government-issued identifications, financial history, credit card information and other critical personal data, should only be stored and used for purposes that require that use
Questions?
REFERENCES
1. Gartner (2017), Hype Cycle for Application Security, 2017 (https://www.gartner.com/doc/3772095/hype-cycle-application-security-)
2. Strategy& / PwC (2013), ERP in the cloud (https://www.strategyand.pwc.com/media/file/Strategyand_ERP-in-the-Cloud.pdf)
3. Oracle (2014), The Benefits of ERP in the Cloud (http://www.oracle.com/us/corporate/profit/big-ideas/072114-hcastel-2245635.html)
4. https://healthitsecurity.com/news/2-misconfigured-databases-breach-sensitive-data-of-nearly-90k-patients
5. Fortune (2017), Why Fortune 500 Companies Are Trusting the Cloud More Than Ever (http://fortune.com/2017/09/13/amazon-microsoft-google-sap-cloud/)
6. ERP on Cloud: Implementation strategies and challenges. (2012). ICCCTAM (pp. 56-59). Dubai: International Conference on Cloud Computing Technologies, Applications and Management (ICCCTAM).
7. https://www.panorama-consulting.com/cloud-vs-on-premise-erp-security-the-advantages-and-disadvantages/
8. https://searcherp.techtarget.com/feature/Take-care-of-ERP-data-security-when-moving-to-the-cloud
9. https://it.toolbox.com/blogs/erpdesk/cloud-erp-what-are-the-privacy-implications-070814
10. https://www.bitglass.com/press-releases/2020-healthcare-breach-report
11. https://www.mcafee.com/blogs/enterprise/cloud-security/top-19-cloud-security-best-practices/
12. https://krebsonsecurity.com/tag/capital-one-breach/
Privacy Preserving Technologies
Technologies that can be employed by users to
improve their privacy and security.
And the negative implications of these technologies.
Storage Encryption
• File Sharing (not necessarily encrypted)
• TrueCrypt
• PGP
File Sharing
• Freenet, BitTorrent, and related protocols and applications support the decentralized storage and distribution of files on the internet.
• Originally intended to provide repositories for data that could not be “silenced”, the content of files is spread across many servers, with duplicate pieces. These pieces are reassembled when users request access to the files.
• They are often used to share protected content in violation of copyright.
• Dangers to users of file sharing services:
• Most are configured by default to make your machine a distribution point. Download a file, and others may get that file from you.
• Or worse, files you never requested can be loaded onto your computer and retrieved by others.
• Comparison with TOR
Bittorrent (figure from Wikipedia)
File Encryption
• There are many tools and packages
available to encrypt individual files or
entire drives. Among these are the
whole drive encryption discussed in
the intro class, but software tools are
also available.
• PGP file encrypt – part of the PGP
package discussed earlier allows
encryption of files or folders using
the public key of an intended recipient
(or yourself).
• TrueCrypt was for some time the best option for file encryption, but the
last release removed the ability to encrypt files, and was accompanied
by statements urging that it not be used. It is widely believed that the
previous version is safe.
This Week: The Dark Web
• Readings:
– Time Magazine, The Secret Web: Where Drugs, Porn and Murder Live Online, November 11, 2013.
– It’s About To Get Even Easier to Hide on the Dark Web, Wired 1/28/2017.
– https://www.vice.com/en_us/article/ezv85m/problem-the-government-still-doesnt-understand-the-dark-web
– US government funds controversial Dark Web effort
Anonymization
• For internet communication (email, web traffic) even if contents are
protected, traffic analysis is still possible, providing information about
what sites one visits, or information to the site about your identity.
• Tools are available that will hide your addresses
– Proxies
– Networks of Proxies – Onion Routing and TOR
Anonymizer and similar services
• Some are VPN based and hide IP addresses.
• Some are proxy based, where you configure your web browser.
• Need the proxy to hide cookies and header information provided by the browser.
• You trust the provider to hide your details.
• Systems like TOR do better because you don’t depend on a single provider.
TOR
• Originally developed by US Navy to protect Internet
communications
• The problem:
• Internet packets have two parts – header and
payload
• Even if payload is encrypted, header is not
• Header lists originator and destination nodes – all
nodes along the way can read this information
• Why might this be a problem:
• Law enforcement may not want it known they are visiting a site
• General privacy protection.
TOR
TOR
• Continued development and improvement
with US funding (Dept of State)
• SAFER project:
• Develop improvements or similar
technologies that are less vulnerable to
persistent attempts to track users, e.g.
dissidents, etc.
TOR
From Engadget, 7/28/2014
Russia offers a $110,000 bounty if you can crack Tor
Countries that have less-than-stellar records when it comes to dissenting voices must really, really hate Tor. Coincidentally, Russia's Interior Ministry has put out a bounty of around $110,000 to groups who can crack the US Navy-designed privacy network. After the country's vicious crackdown on dissenting voices back in 2012, protestors who hadn't escaped or been jailed began using anonymous internet communication as their first line of defense against the Kremlin. If you're considering taking part in the challenge (and earning yourself a tidy stack of cash to quell your conscience), be warned -- the bounty is only open to organizations that already have security clearance to work for the Russian government.
TOR - Fundamentals
• Origin node accesses list of TOR nodes and creates
the packet:
• Starts by creating a packet consisting of payload and
header – header contains desired destination node
and final TOR node in zigzag route
• Now treats the above packet as a payload and creates
a header with origin and destination consisting of two
TOR nodes
• This is repeated until final packet contains a header with original source node and first TOR node identified
• …Hence the term “Onion Routing”
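An added simulation (not from the slides and not Tor's own code) of the layered packet construction described above: the client wraps the payload in one encrypted layer per relay, innermost first, and each relay peels exactly one layer, learning only the previous and next hop. A toy HMAC-SHA256 stream cipher and pre-shared per-relay keys stand in for Tor's real ciphers and handshake; relay names, keys and payload are constructed.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (stand-in for Tor's ciphers)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def build_onion(route, keys, destination, payload):
    """Wrap the payload in one layer per relay, starting with the exit relay."""
    # Innermost layer: only the exit relay learns the real destination.
    inner = json.dumps({"dest": destination, "payload": payload}).encode()
    layer = encrypt(keys[route[-1]], inner)
    # Work outward: relay i's layer names only relay i+1 and carries the inner onion.
    for i in range(len(route) - 2, -1, -1):
        wrapper = json.dumps({"next": route[i + 1], "inner": layer.hex()}).encode()
        layer = encrypt(keys[route[i]], wrapper)
    return layer


def traverse(route, keys, onion, origin="client"):
    """Forward the onion hop by hop; each relay peels one layer with its own key.
    Returns (destination, payload, log); log records (relay, came_from, goes_to)."""
    log, prev, hop, blob = [], origin, route[0], onion
    while True:
        msg = json.loads(decrypt(keys[hop], blob))
        if "inner" in msg:  # middle of the route: forward the remaining onion
            log.append((hop, prev, msg["next"]))
            prev, hop, blob = hop, msg["next"], bytes.fromhex(msg["inner"])
        else:  # exit relay: deliver the payload to the destination
            log.append((hop, prev, msg["dest"]))
            return msg["dest"], msg["payload"], log


def demo():
    # Constructed example: three relays with pre-shared keys (Tor negotiates these per hop).
    route = ["T1", "T2", "T3"]
    keys = {r: hashlib.sha256(b"constructed-key:" + r.encode()).digest() for r in route}
    onion = build_onion(route, keys, "example.org", "GET / HTTP/1.1")
    return traverse(route, keys, onion)


if __name__ == "__main__":
    dest, payload, log = demo()
    for relay, came_from, goes_to in log:
        print(f"{relay}: from {came_from} -> to {goes_to}")
    print("exit delivers", repr(payload), "to", dest)
```

Note in the log that the middle relay sees neither the client nor the destination, which is the property the zigzag route is built to provide.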
TOR - Fundamentals
TOR – Fundamentals
Source cybersolutons.ga and yourdictionary.com
TOR - Fundamentals
[Figure: Source Node, a zigzag route through TOR nodes (T), Destination Node]
TOR - Fundamentals
• List of TOR nodes periodically changes
• Zigzag route is periodically changed
• Not totally foolproof:
• If a non-TOR browser is opened within the TOR browser, the security measures are void – basically going back to “direct routing”
• Someone monitoring the source and destination nodes may note synchronization of packets being sent/received.
• …to avoid: increase TOR traffic
Deep Web – TOR (These are old addresses)
• TOR (https://www.torproject.org/about/overview.html.en)
• http://deepweblinks.org/ - Lists sites in deep web
• http://ybp4oezfhk24hxmb.onion/ - lists a hitman website
• http://xfnwyig7olypdq5r.onion/ - lists a USA Passport site
• http://jv7aqstbyhd5hqki.onion/ - a hackers site
• http://2ogmrlfzdthnwkez.onion/ - rent-a-hacker
• http://www.infosniper.net/
TorSearch - http://kbhpodhnfxl3clb4.onion/
Discussion
• Readings:– Society deserves privacy, but at what cost.
– Who defines “good use”
– Dark v. Deep Web
– How to control the dark web (technically)
INF529: Security and Privacy
In Informatics
A Bit More on IoT
Prof. Clifford Neuman
Lecture 13, 17 April 2020, Online via Webex
Good Practices / Isolation
• For manipulators
• How we connect
– Pairing with local controller
– Security of Controller then becomes issue
• Local Governor – No override to unsafe states
• Problems arise from conflict between always on
access and need to protect.
• Push data from device, rather than pull/poll.
– But that creates power/efficiency issues
Accessible Telemetry
• GP Devices (smartphones, tablets, laptops)
– More vulnerable to malware and other compromise
– If compromised, can collect even more data than we have configured them to collect.
• Telemetry:
– Audio, Video, Location, Vibration
Camera Access
• Disable Your Laptop's Built-in Webcam to Protect Your Privacy – Mark Wilson – Lifehacker – 6/27/14
• Windows: Webcams offer a window into your home, and they've been known to be targets for malware. If you have a built-in camera, here's how to disable it and protect yourself.
• Malware can take over webcams, so there is potential for your camera to spy on you. You can easily disable an external webcam just by unplugging it, but things are a little different for integrated cameras.
• The simple solution is to just pop a piece of tape over the lens, but this is not ideal. Sticky residue is left behind, and there is a risk that your improvised privacy shield could fall off. You could turn to third party software, but you can also disable a webcam from within Device Manager.
Turning Devices Off
• How the NSA can 'turn on' your phone remotely –
CNN Money June 6 2014 - Jose Pagliery
• Even if you power off your cell phone, the U.S. government can turn it back on.
• That's what ex-spy Edward Snowden revealed in last week's interview with NBC's
Brian Williams. It sounds like sorcery. Can someone truly bring your phone back to life
without touching it?
• No. But government spies can get your phone to play dead.
• It's a crafty hack. You press the button. The device buzzes. You see the usual power-
off animation. The screen goes black. But it'll secretly stay on -- microphone listening
and camera recording.
Monitoring Vibration
• iPhone Accelerometer Could Spy on Computer Keystrokes – Olivia Salon - Wired UK – 10/19/11
• The accelerometers in many smartphones could be used to decipher what you type into your PC keyboard — including passwords and e-mail content — according to computer scientists at Georgia Tech.
• The technique depends on the person typing at their computer with their mobile
phone on the desk nearby. The vibrations created by typing onto the computer
keyboard can be detected by the accelerometer of the phone and translated by
a program into readable sentences with as much as 80 percent accuracy.
• The technique involves working through probability by detecting pairs of
keystrokes, rather than individual keys. It models “keyboard events” in pairs and
then works out whether the pair of keys pressed is on the left or the right side of
the keyboard and whether they are close together or far apart on the QWERTY
keyboard. Once it has worked this out, it compares the results to a preloaded
dictionary where each word has been broken down in the same way.
Back to Internet of Things
• At Home
– HVAC (Climate Control)
– Internet Web Cameras
– Television and Entertainment Devices
– Alarm Systems
– Doors and Locks
– Routers and Wifi
– SAN (Storage Area Networks) network disks
– Coffee Makers, Toasters, Refrigerators
– Home Automation, Lights, etc
– Garage Door Openers
IoT Devices
[Figure: IoT device categories – Home, Personal, Work or On-the-Go, Vehicles]
Slide by Veronica Molina
IOT in Home Security Systems
Slide by Veronica Molina
What is the role of IOT here ?
• Embedded devices with minimum CPU, memory and power resources and able to connect to internet.
• Ability of devices to perform actions and not just sense the surroundings.
• Ability to integrate into existing electronic systems at home such as smart phone, computer and other devices.
Slide by Veronica Molina
What are the attack surfaces ?
• Insecure web interfaces - Cross site scripting, SQL injection, session management etc.
• Insufficient Authentication / Authorization - Multifactor authentication, secure password
recovery mechanism.
• Insecure network services - Open ports, Buffer overflow, Denial-of-Service.
• Lack of data encryption - Unencrypted services via local or internet. SSL/TLS
implementation
• Insecure mobile interfaces - Account lock-out, Unencrypted data transfer over network.
• Insufficient security configurations - Granular access control, strong passwords.
• Insecure software / firmware - Updateable software / firmware, Encrypted update files,
Update file integrity verification.
• Privacy concern - End to end data encryption, Avoid collection of unnecessary user data,
Secure storage of PII information.
Slide by Veronica Molina
Standards (or lack of any)
• By default no set rules/standards in designing
architecture
• Developments from past year
https://www.forbes.com/sites/aarontilley/2016/07/27/two-
major-internet-of-things-standards-groups-strike-
alliance/#1b42c1cd4520
• This year, US Department of Commerce finally took note
of the issue that IoT standards cannot be left to market.
www.zdnet.com/article/iot-standards-cannot-be-left-to-
the-market-us-department-of-commerce/
Slide by Apurv Tiwari
How can I protect myself ?
• As we have seen, it's not just the device or the network or clients contributing to vulnerabilities.
• There are many attack surfaces involved and each of them needs to be evaluated and secured.
• Understand the security aspects considered by the service provider and the response time to discovered vulnerabilities and frequency of updates to device software or firmware.
Slide by Veronica Molina
Major Issues with Many Home IoT Devices
• Many of these devices are general purpose
– GP interface is hidden, and user only sees application running on top of Linux or other platform.
– Many IoT devices are not updated/patched regularly to address new vulnerabilities that are discovered. Or updates occur automatically without permission of owner.
– Many devices enable inbound access through your Firewall.
– IoT Device is a full fledged device on your home network, and if compromised from outside, allows attacker a node inside your firewall to attack or observe other activity.
– Many users leave their devices with the default passwords or access controls.
– Many devices enable “open access” to users within the local network segment. (open or hacked wifi and other IoT devices can be an issue)
How easy is it to hack a home network?
Mark Ward - BBC News – 25 February 2016
My home is under attack - Right now, skilled adversaries are probing its defences seeking a
way in. They are swift, relentless and smart. No weakness will escape their notice. But I am
not without defences. I've tried to harden the most vulnerable devices to stop them being
compromised and I've set up warning systems that should alert me if the attackers get inside.
In the end, all that effort was for nothing because the attackers found so many ways to get at
me and my home network. And, they said, even if the technology had defeated them, the
weakest link of all - me - would probably have let them in.
Swiss cheese - I found out just how severely compromised my home network was in a very
creepy fashion. I was on the phone when the web-connected camera sitting on the window sill
next to me started moving. The lens crept round until it pointed right at me. I knew that the
attackers were on the other end watching what I was doing, and potentially, listening to the
conversation. It is a gadget my children and I have used to see if any wildlife passes through
our garden and one which many people have for home security or as an alternative baby
monitor. I was lucky that I knew my attackers who, at that moment, were sitting in my living
room waiting to show me how straightforward it was to subvert these domestic devices. The
picture they took of me via the camera was evidence enough.
Inferences from Home Sensors
• Your daily Routine
– When you leave, get home, what is the best time
to burglarize your house.
• What television programs you watch.
– No more “Nielsen families” – your TV or set top box collects this data and sends it to your provider.
• Power consumption can tell a lot about your activities
too.
At Work and “On the Road”
• We pair with devices all the time
– For printing, beaming data
– NFC for payment
• Attaching to WiFi Hotspots
– We broadcast the SSIDs with which we usually connect.
– Evil twin or Rogue free WiFi
• Whenever we attach, it creates a path for malware
infection, or for data to be collected by “peer”.
– E.g. contact list on bluetooth connected audio in rental car.
In Our Vehicles
• Our vehicles are part of the IoT
– OBDII
– Wifi Hotspots
– Entertainment systems
– Bluetooth connectivity to our cellphones
• Discussed earlier
– Navigation
• Is your car Spying on You
– NBC LA – November 15 2015
• Consider multi-step attacks
– Cellphone malware – Entertainment - OBDII
Mid-term Exam Discussion – Q1
Expectations of Privacy (30 points)
Although intended by US courts to apply to governments’ access to business records, the “third party doctrine” is actually a very accurate statement of what happens to our data today when we provide the data to third parties. Although privacy regulations and communicated privacy policies may tell us otherwise, there is always the danger (and expectation) that our data will get out if we provide it to third parties. In this question I am concerned with our actual expectation of privacy, specifically with respect to whom our information may be provided (including for government and commercial purposes) and how it may be used.
a) List some data (or actions that you might take) that leave you with zero expectations of privacy with respect to the data you have provided. For some of the examples of this “non-private” data, can you think of examples of ways that we expect the data should not be used? (10 points)
b) Explain some of the changes to technology that have resulted in the disclosure of data that is ‘non-private’ (i.e. in plain view) having a significant impact on our privacy when combined with similar data. (10 points)
c) Provide several examples (possibly from current events) where data that has been entrusted to a third party (and which is not in plain view) has been used in unexpected ways, violating the user’s privacy expectations. (10 points)
Mid-term Exam Discussion – Q2
The most common manner by which adversaries steal our personal data is through impersonation. When our data is stored on our local device, or on the servers of social media and cloud services, the data is supposed to be accessed only by authorized users. If an adversary can pose as a different user for the purpose of making requests, then they can use the privileges associated with the identity that has been impersonated. (30 points)
a) List some of the ways that an adversary is able to make requests posing as a different user. There are at least two significantly different ways that this can be accomplished. (10 points)
b) What are some of the approaches by which you can mitigate the impact of such impersonation activities? (by mitigate, I specifically do NOT mean prevent the impersonation from occurring, what I mean is that you should take steps to ensure the least resulting impact when impersonation does occur). (10 points)
c) What are the three main approaches that computer systems can use to confirm identity (authentication). What are the tradeoffs between the different approaches and what steps can a system designer or an end user take to improve the effectiveness of the authentication process? (20 points)
Mid-term Exam Discussion – Q3
One definition of privacy discussed in class is that privacy is the right to be let alone. By its nature, social media is intrusive. In this question I want you to discuss some of the ways that social media is problematic for our security and privacy.
a) When we use social media, we voluntarily provide information that reveals our most sensitive characteristics: our likes and dislikes, who our friends are (i.e. our social network itself), our daily schedule, planned travels, the food we eat, etc. Discuss some of the ways that this data is used (i.e. for the purposes that we choose to use these sites) and mis-used (how the sites use this data in ways that are not necessary to the benefit of the end-user, including ways that the user is “monetized”). (10 points)
b) Discuss some ways that social media may be used to control us, i.e. how can it more effectively influence our actions and our speech than other media? Consider how it can also affect the actions and speech of those that are not actively using such social media platforms. Specifically consider the incentives and disincentives provided through the social media platform itself. (10 points)
c) Social media platforms touch many of our devices and our social media “timelines” are often integrated with our other internet connected activities. How does this integration with our “timeline” affect the privacy of the data associated with our other activities? (10 points)