Big Data and PrivacySocial Networking Services and

User Data Protection

UNIVERSITY OF MARYLAND, UNIVERSITY COLLEGE

SHUANGBAO (PAUL) WANGPROGESSOR

PROGRAM DIRECTOR FOR CYBERSECURITY

CENTER FOR SECURITY STUDIES

Question:

How many Fortune 500 Companies had data breaches last year?

Answer: 500

Solutions to Privacy?

• Industry -- Yes• Academia -- May be not• Government – Yes, but putting backdoors

• Trying to find solutions. • Why? – Defend? -- Prevent?

Twitter Company Statistics Data (7/11/14)

Total number of active registered Twitter users 645,750,000

Number of new Twitter users signing up everyday 135,000

Number of unique Twitter site visitors every month

190 million

Average number of tweets per day 58 million

Number of Twitter search engine queries every day

2.1 billion

40 TB/year == 8500 DVD

Social Services Big Data

Public Account

Individual Account

Developers

Company Team Individual 88.9% 10% 1.1%

Industries

.net companies software developers .net services others

23.64% 43.31% 31.79% 1.46%

Education

Data Breaches

• Card System• 2005$40M

• TJX• 2007$90M

• Heartland• 2009$130M

• Sony• 2011$100M

• Target• 2013$70M

• Home Depot• 2014$56M

It took ten years to reduce the time to identify a data breach from a week to days.

GMU 1• Jan. 2005• 32,000• A week to identify

GMU 2• July 16, 2014• 4,400 faculty

College Park 1• Tue. Jan. 18, 2014• 309,079• Hackers made a copy of

DB dataCollege Park 2• One month later• 36 hours identify

How much time is need to steal 300k data record? < 1ms

Solutions?

Algorithms - Traditional• Cisco• Google map• Dijkstra, core: 10 lines? 10k lines? 10 million?

Algorithms – future• N Dimensions/Domains

HSPM Algorithm – Threat AnalysisINPUT:• Some 200 parameters, DB scheme, encryption • Vulnerability Assessment Report• Hardware configurations• Policies in place and Implementation• Each assign a weightOUTPUT• Threat factor – tf:[0 – 1.00]• Recommendations and Guide

Security = Hardware + Software + Policy + Management- Wang, 2006

HSPM - Experiments

• Traveler Enterprise– 20 million business– 1st round• Before: tf = 0.71, blue hat: steal all data• After: tf = 0.38, blue hat: steal no data

– 2nd round• tf reduces to 0.18• Merged by a big company

Free vs. not FreeSuppose you have a full-time job. If there is an email service charging $40 a year but does not collect your data.

Question:Are you willing to switch to this email service or would you rather stay in the current free email services by scarifying your privacy?

91% -- Yes 79% -- YesAfter HSPM & training

Log in with strong password over SSL

Is it secure? -- Yes: 98%

Protect Privacy?

• Our Privacy is on the hands of others• What we can do to defend our privacy

ourselves?– Policies– Technologies

–How to “hide” yourself in this cyber insecurity world?