The Everyday Life of Surveillance (V): Architectures, Spaces, Territories
Privacy by Design?
Marc Langheinrich
University of Lugano (USI)
Switzerland
Projects
Privacy Ubiquitous Computing
Patras
Zurich
Gothenburg
Paris
Lancaster
Sevilla
Approaches to Ubicomp Privacy
Disappearing Computer Troubadour Project (10/2002 - 05/2003)
• Make it Someone Else’s Problem
  – “For [my colleague] it is more appropriate to think about [security and privacy] issues. It’s not really the case in my case”
• Absence of Protection as User Empowerment
  – “It’s maybe about letting them find their own ways of cheating”
• Insist that “Good Security” will Fix It
  – “All you need is really good firewalls”
Marc Langheinrich: The DC-Privacy Troubadour – Assessing Privacy Implications of DC-Projects. Designing for Privacy Workshop. DC Tales Conference, Santorini, Greece, June 2003.
NON PRIVACY BY NON DESIGN
Example 1: Make it someone else’s problem
“Uses the highest level of encryption allowed by the U.S. government.”
2006
20 cards
no encryption
Cardholder’s Name
Card Number
Expiration Date
O’Reilly Conf. 2008
Pablos Holman
“cards incorporate 128-bit encryption”
Cardholder’s Name
Card Number
Expiration Date
*MacBook Air not included
Defcon 2008
Flexilis
Non Privacy By Non Design
NON PRIVACY BY (BAD) DESIGN
Example 2: User Empowerment
SECURITY
P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<<123456789?D<<710123?M070101?<<<<<<<<<<<<<<<?
Marc Langheinrich
DD/MMM/1971
P<D<<LANGHEINRICH<<MARC<<<<<<<<<<<<<<<<<<<<<12345678??D<<710123?M0701???<<<<<<<<<<<<<<<?
Protection from Forgery!!
Digital Signature
“...cloned and manipulated...”
MustermannChristian0000000000000
?
Proof of Genuine Passport ?
Non Security By Bad Design
PRIVACY BY DESIGN?
Example 3: Good Firewalls
Smart Fridge
Smart Stove
Receiptless Returns
Fast Checkout
Whig
Model #2342
Material: Polyester
Tiger Thong
Maker: Woolworth
Last washed: 5 days ago
Viagra
Maker: Pfizer
Size: Maxi (60 pills)
Original “RFID-Man” Artwork (c) 2006 Ari Juels, RSA Laboratories
Working Hypothesis
People don’t want privacy tools
People want to get things done!
The more secure, private, safe, the better
Getting Things Done?
Vision
Hands Free Privacy
The more secure, private, safe, the better
Example: The Shamir Tag
• Unsolicited read-outs take long time
  – Difficult (but not impossible) to track or identify
• Instant Identification for known tags
  – Owner uses tags without restrictions
Langheinrich, Marti: Practical Minimalist Cryptography for RFID Privacy. IEEE Systems Journal, Vol. 1, No. 2, 2007
Shamir Tags Illustrated
Original RFID-Tag: RFID-Tag contains encrypted ID + Key, but cut in many small pieces. All pieces are needed to decrypt Tag ID.
Unknown Reader sees (over time): Only few shares disclosed, wait; a few more shares disclosed, wait; still not enough shares…, wait
Owner’s Reader sees: Only few shares disclosed + Owner checks for known (cached) tag = Instant Identification
Consumers receive basic protection for all tagged goods
Additional security mechanism can be layered above Shamir Tags
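The following sketch is an added example, not code from the talk or the cited paper. It models the slide's description with an n-of-n Shamir split, whole shares disclosed one at a time, and an owner-side cache; the field prime, the tag ID, the share count and the `OwnerReader` class are all assumptions made for illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed for this sketch)

def split(secret, n):
    """Shamir n-of-n: random polynomial of degree n-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

class OwnerReader:
    """Hypothetical owner-side reader that caches shares of known tags."""
    def __init__(self):
        self.cache = {}

    def learn(self, tag_id, shares):
        for share in shares:
            self.cache[share] = tag_id

    def identify(self, disclosed):
        # A single disclosed share is enough to look up a cached tag.
        hits = {self.cache[s] for s in disclosed if s in self.cache}
        return hits.pop() if len(hits) == 1 else None

def demo():
    tag_id, n = 0xC0FFEE1234, 8              # constructed tag ID and share count
    shares = split(tag_id, n)
    owner = OwnerReader()
    owner.learn(tag_id, shares)
    order = shares[:]
    secrets.SystemRandom().shuffle(order)    # tag discloses shares in random order
    owner_after_one = owner.identify(order[:1])    # owner: instant identification
    stranger_partial = reconstruct(order[:n - 1])  # one share short: unrelated value
    stranger_full = reconstruct(order)             # all shares: the tag ID
    return tag_id, owner_after_one, stranger_partial, stranger_full
```
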
Summary
Privacy by Design
• Difficult to do even for technology experts
  – Industrial (RFID Credit Cards)
  – Government (ePassport)
• Difficult if wrong user model
  – People want to get things done
  – Privacy, security often gets in the way
• We need usable security and privacy
  – Sometimes less security may mean more privacy
Outlook
The wireless century will bring an end to many crimes. It will be a century of morality, since it is known that morality and fear are one and the same.
(Robert Sloss, “The World in 100 Years”, 1910)