Privacy issues in network environments

Tutorial given at Lappeenranta Summer School on Telecommunications, Lappeenranta, Aug 2008

    Presentation Transcript

    • Lappeenranta Summer School on Telecommunications 2008: Privacy Issues in Network Environments. Josef Noll, University Graduate Center at Kjeller (UNIK) / University of Oslo (UiO), josef.noll@unik.no. Lappeenranta, 19 August 2008. http://wiki.unik.no
    • Research and Education at Kjeller: close relation to FFI, IFE, NILU, ... (Slide footer: 2, Privacy Issues, 19. Aug 2008, Josef Noll)
    • “Movation is a very exciting initiative where some of the best companies in Norway commit themselves to build the Norwegian national team in wireless technology innovation” (Paul Chaffey, Abelia). “Innovation by Design”
    • Have you heard these ones? From Scott McNealy (Sun Microsystems): “You have no privacy. Get over it.” and “The privacy you are so fond of is mostly an illusion.” So, let’s go home and do something useful.
    • How come these guys didn’t think of that? Source: Stefan Weiss, Deloitte & Touche, 2007 (Web 2.0 Expo Berlin 2007; ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft)
    • Outline
        - Privacy, Identity, Trust, Reputation, ...
        - Network environments
            - technical: Internet and wireless networks
            - Social networks
            - ... networks
        - Technologies
        - Protection mechanisms
        - Legal issues
        - Tips and tricks
    • Privacy: Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. (Source: Wikipedia)
        - Physical: intrusion into physical space (sauna, stalking, ...); searching in my personal possessions; access to my home
        - Informational: Internet, electronic traces; medical data
        - Organisational: industrial property rights (IPR); protection of secrets
    • Physical privacy
        - don’t touch me; don’t kiss me; don’t invade; don’t you dare
        - Factors: cultural sensitivity; personal dignity; shyness; safety concerns
        - [Images: the worst places (for me); the best places (for me)]
    • Organisational privacy
        - What is in Coca Cola?
        - Access to fingerprints of all people
        - When will VW launch the new Golf?
        - Factors: patent (IPR); trade mark; price of information; effect of damage
    • Information privacy
        - Information about me
            - electronic information stored about me: religion, sexual orientation, political opinion; personal activities; family information
            - membership in social networks
            - access to accounts
            - medical information
            - political privacy
        - Electronic traces
            - mobile phone: GSM, Bluetooth
            - sensor data
            - traffic cameras
            - surveillance
            - payment card usage
            - fingerprint check-in
    • Summary: Factors influencing privacy
        - cultural sensitivity; personal dignity; shyness; ...
        - safety concerns; effect of damage; professional reputation; discrimination; ...
        - My own understanding: Privacy is about protecting myself such that others can’t harm me more than I can tolerate
            - others --> trust, relation
            - harm --> my roles (identity)
    • Reality: What the Internet knows about me. Preface: I am not a member of a social network (yet). I do not publish pictures of me. And still ... and I’m only talking about my publicly available data.
    • Two more definitions
        - [Diagram: “User privacy” surrounded by Roles, Identities; User profile, behaviour; Location, Proximity; Community; Context, Presence]
        - others --> trust, relation
        - harm --> my roles (identity)
    • Identity (source: Wikipedia)
        - In philosophy, identity is whatever makes an entity definable and recognizable, in terms of possessing a set of qualities or characteristics.
        - Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity.
        - Digital identity also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject.
        - An online identity is a social identity that network users establish in online communities.
        - As more and more services are accessible in the digital world, digital identities and their management will play a vital role in secure service access and privacy ...
    • Identity: Real world to digital world
        - [Diagram: real world identities; digital world identities; digital identity; passwords everywhere]
        - Recommendation: Dick Hardt@OSCON, Identity 2.0
    • The dilemma of computer science: Identity - “same as” and “not”
        - Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity.
        - Computer science: use of ontologies, binary strings: ‘xFxkeyil9e4’ same as Josef, Josef Noll
        - [Diagram labels: Roles, Identities; Community; Context]
        - Are we in computer science in the Middle Ages?
        - G. W. Leibniz (1646): if a=b and b=c, then a=c
    • Reputation and Trust
        - Reputation is the opinion (more technically, a social evaluation) of the public toward a person, a group of people, or an organization. It is an important factor in many fields, such as business, online communities or social status.
        - Reputation is known to be a ubiquitous, spontaneous and highly efficient mechanism of social control in natural societies.
        - Trust is a relationship of reliance. A trusted party is presumed to seek to fulfill policies, ethical codes, law and their previous promises.
        - Trust is a prediction of reliance on an action, based on what a party knows about the other party.
        - Comment: Members of “la familia” trust each other
        - Do we really believe we can manage trust and represent reputation?
    • [Image slide; title text not recoverable] Source: New York Times; Lasse Øverlier
    • Revisit: Information privacy. It starts with the radio
        - radio is broadcast: everyone can listen
        - “radio identity” (MAC, Bluetooth, ...) is known
        - eavesdropping of traffic, man-in-the-middle: read your email (SMTP is plain text)
        - Bluetooth and other ad-hoc networks, connectivity to phone without notice
        - wireless networks at home: WEP easy to crack, access to whole home infrastructure
        - Mobile phone (GSM): location, fake base-station
    • Revisit: Information privacy. And it never stops
        - Eavesdropping -> read your communication
        - Crack WEP (encryption) -> read open information
        - DNS forging -> leading you to a different site
        - Phishing -> getting your secure information: “Click to confirm that you read the privacy issue”
        - Netvibes: Leading personal start page to manage your digital life
        - Banking, Social Networks ...
    • Some technology first. Have you heard these ones?
        - “Last year (2007) the world produced more transistors than rice corns” (Hans Christian Haugli, CEO, Telenor R&I)
        - “In three to five years we will interact with 30-50 devices in our vicinity” (Marie Austenstaa, Connected Objects, Telenor R&I)
    • “The speed of technology”
        - The speed of development (source: Gerhard Fettweis, TU Dresden)
        - Do you remember: “There might be a need for 5 computers” (1943 Watson(?), 1951 Hartree)
        - Mobile: NMT, GSM, GPRS, EDGE, UMTS, 3G, HSDPA, SMS, EMS, MMS, ... DVB-H, ...
    • Mobile Phone and Sensors
        - N. Arora, Google Europe Manager [Oslo Innovation Week]:
            - By 2012, iPods ... be capable of holding all music you will ever hear in your life (or one year of video)
            - By 2018 it can hold all videos ever produced
        - This speed will continue until 2025 [ITRS Roadmap]
        - Imagine a device which
            - will save all the conversations you ever had
            - will record all the environments you have ever been in
            - will identify all people you have ever talked to and remember what you talked about
        - “Your Mobile will do”
    • Let’s take a deep breath ... and see what we can do about it
    • Recall: Lessons learned
        - Definitions of Privacy, Identity, Trust, Reputation, ...
        - “It all begins with the radio”
            - location, device identity
            - eavesdropping, phishing, man-in-the-middle, forging
        - The user providing all kinds of information
            - social networks, service providers, ...
    • Challenge: Manage the Privacy 2.0 Bermuda Triangle
        - [Diagram: “User’s Privacy” inside a triangle of “Data is everywhere”, “Vulnerable technology” and “High value of personal data”]
        - Source: Stefan Weiss, Deloitte & Touche, 2007 (Web 2.0 Expo Berlin 2007; ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft)
    • Privacy Requirements: “How much will it cost me if my privacy gets compromised?”
        - see: lost mobile phone, security of your house
        - take appropriate measures
        - [Diagram: examples of services: VPN, email, photo; network access]
    • Protecting the identity?
        - 8 million US residents victims of identity theft in 2006 (4% of adults)
        - US total (known) cost of identity theft was $49 billion
            - ~10% was paid by customers
            - remaining by merchants and financial institutions
        - Average victim spent $531 and 25 hours to repair damages
        - Source: Lasse Øverlier & California Office of Privacy Protection
        - ID theft in seconds: http://itpro.no/art/11501.html
    • 2nd lecture: Personalisation, tips and tricks
        - Personalisation of service, why?
        - The role of the mobile phone
            - Seamless authentication
            - Payment and access
        - Protection mechanisms
            - Legal issues
            - Tips and tricks
    • User profiles/profiling - “We have heard that before, nothing has happened”
        - Complexity is ever increasing -> Need for reduction
        - Technology is in place -> Semantics, Web Services, ...
        - Research projects address adaptation of services towards user needs
        - Mobile phones are becoming the source for Internet and Service access
            - 20-30 % of all phones worldwide will be smartphones by 2009
            - 30 % of mobile users in the Nordic will receive push content by 2010
        - Market need for personalisation: “Mobile advertisement has to fit to the user, otherwise it will fail completely” [Movation White Paper, Mobile Phone Evolution, April 2007]
    • User profiles/profiling - “Nobody is willing to pay for it”
        - “Mobile advertisement is 1000 to 10000 times more valuable as Internet advertisement” [Bjarne Myklebust, NRK]
        - “The chances of annoying customers through mobile advertisements are high. Mobile advertisements have to fit.”
        - “Mobile advertising isn’t only hot, it’s on fire.” [Bena Roberts, GoMo News]
        - Operators launch mobile advertisement companies (Telenor)
    • My phone collects all my security: SIM with NFC & PKI
    • Mobile Services, incl. NFC
        - NFC needs next generation phones
        - Focus in 2008 on mobile web
        - S60, UIQ, ...
        - Push content upcoming
        - Common application development
        - Integrated SMS authentication
        - [Chart: expected customer usage [%] (“have tried”) of mobile services in the Nordic market, 2006 to 2010; series: Mobile Web, Push content, NFC payment] [“Mobile Phone Evolution”, Movation White paper, May 2007]
        - Slide from: Josef Noll, “Who owns the SIM?”, 5 June 2007
    • Operator supported service access
        - [Diagram: seamless authentication via an authentication provider, giving service access, VPN, physical access, and home access (.mp3, .jpg)]
    • Mobile Phone supported access
        - SMS one-time password
        - MMS, barcode
        - eCommerce (SMS exchange)
        - Network authentication
        - WAP auto access
        - Applets: PIN code generation (Bank ID)
        - Future SIM
        - Photo: Spanair
    • WAP gateway: Seamless authentication
        - [Diagram labels, in build order: HTTP request, 94815894; Hash; HTTP request with a value that is not recoverable from the transcript; “Pictures for ’rzso’. Password: 1234, sID: cTHG8aseJPIjog==”]
        - Source: Erzsebet Somogyi, UNIK
    • Banking from the mobile phone
        - Security considerations
            - Equally secure as SMS
            - Easy to use
            - Advanced functionality through PIN (if required)
        - Seamless phone (SIM) authentication
        - Advanced security when required: BankID or PIN
        - [Diagram: “Welcome Josef: (get your account status)”, SIM authentication; Information: using SIM, no customer input required, gives account status; Advanced functionality: BankID or PIN (double security), gives transfer, payments; NFC communication unit, NFC2SIM, SIM; Smartcard interfaces ISO/IEC 7816]
    • MyBank example. User incentive:
        - “My account is just one click away”
        - “enhanced security for transactions”
        - Phone (SIM) authentication
        - Level 2 security through PKI/BankID/PIN?
    • RFID and NFC example: Birkebeiner
        - Online information to mobile phone
        - Could be used for photo, video, etc.
    • NFC – Near field communication
        - Based on RFID technology at 13.56 MHz
        - Typical operating distance 10 cm
        - Compatible with RFID
        - Data rate today up to 424 kbit/s
        - Philips and Sony
        - ECMA-340, ISO/IEC 18092 & ECMA-352, ... standards
        - Powered and non-self powered devices
        - Photo: Nokia
    • NFC is ...
        - RFID at 13.56 MHz
        - RF (modem) and protocols
        - Passive operation:
            1) Phone = Reader has static magnetic field
            2) Tag acts as resonator, “takes energy” ~1/r^6
        - [Plot: power decrease of static and electromagnetic field; curves 1/r^2 and 1/r^6]
    • NFC use cases
        - Payment and access
            - include Master-/Visacard in the phone
            - have small amount of money electronically
            - admittance to work
        - Service Discovery
            - easy access to mobile services: Web page, SMS, call, ...
            - local information and proximity services (get a game)
        - Ticketing
            - Mobile tickets for plane, train, bus: parents can order and distribute, ...
        - Source: Nokia 6131 NFC Technical Product Description
    • NFCIP-2 Interface and protocol
        - [Diagram: NFC device; Proximity Card Reader; Vicinity Card Reader]
        - Interface standards: ECMA-340; ISO/IEC 14443, PCD mode (MIFARE, FeliCa); ISO/IEC 15693, VCD mode (facility access)
        - [Build annotations: “NFC ECMA-340: YES, 340 okay”; “NO, 15693 okay”]
    • The radio: NFC and privacy
        - NFC is “as bad” as
            - your contactless Master and Visa card
            - your passport
        - Typical reading distance up to 4 cm (for activation)
        - Eavesdropping possible under operation (1/r^2)
            - encrypted communication
        - Passport USA: passport can only be read when opened
        - European passport: just place it on NFC reader
    • From current SIM to Future SIM visions
        - To comply with 3G networking requirements (USIM)
            - Security features (algorithms and protocols), longer key lengths
            - GSM uses EAP SIM: client authentication
            - UMTS uses EAP AKA: mutual authentication
        - 3rd party identities
            - ISIM application (IMS)
            - private user identity
            - one or more public user identities
            - Long term secret
        - [Diagram labels: Current Telenor SIM (UICC) card (from 2001); New; GlobalPlatform’s Real Estate / 3rd Party sec. domains vision for mobile / UICC; On-board WEB server!; Multi-Thread; SUN (Java); Plus ETSI SCP 3 new phys IFs: 12 Mb/s USB, NFC (SWP); 2009?]
        - Source: Judith Rossebø, Telenor
    • Network privacy
        - GSM
            - client-based positioning allows user to take control
            - trustworthy operators?
        - WLAN
            - open for all kinds of attacks
            - example: TraceRoute for exposing packet origin
            - encrypted communication and more ...
        - Bluetooth
            - are you afraid, then switch it off
            - I leave it on, danger for getting tapped is rather small
        - Social Network
        - Web tools, e.g. search, present significant privacy issue
    • Do you know Freddie Staur?
        - Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves
        - Research highlights dangers of irresponsible behavior on social networking sites
        - Footnote: www.sophos.com/facebook, survey among 200 randomly chosen Facebook users, August 2007
        - Source: Stefan Weiss, Deloitte & Touche, 2007 (Web 2.0 Expo Berlin 2007; ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft)
    • Privacy is not about ... getting your private space. Sources: isolatr.com; Stefan Weiss, Deloitte & Touche, 2007
    • Privacy is not about ... switching off the lights
    • Private Sphere and Privacy: Directive 95/46/EC of the European Parliament
        - Data must be fairly and lawfully processed
        - They must be processed for prior specified and limited purposes
        - Adequate, relevant and not excessive
        - Accurate
        - Not kept longer than necessary
        - Processed in accordance with the data subject’s rights
        - Secure
        - Not transferred to countries without adequate protection
    • And the law might be applicable to Google
        - Google has to obey Norwegian law
        - Art. 29-group looks at how privacy is handled in the EU
        - “Google is using cookies on PCs”, thus they use equipment physically located in an EU state
        - Art. 29 is valid for everyone using equipment in an EU state, thus also Google
    • Tips and Tricks
        - If you put your data into the social networks, it is your responsibility
        - Security, Your data, Anonymity, ...
    • Specialized Privacy Probes
        - Wiretap
        - Web Bug + JAVA code
        - Retrieve e-mail comments
        - Retrieve mailing list
        - Computer Triangulation
        - Pinpoint physical location
            - Country and City (90% accuracy)
            - ZIP code (possible)
        - Source: Thomas Hintz, “Protecting your Internet Privacy”, University of Florida © IFAS Information Technology, 2002
    • Privacy Solutions: http://notebook.ifas.ufl.edu/privacy/
        - All are free for home use ...
        - Some are free for education sites (check the license)
    • Anonymous web surfing
        - Internet Explorer plug-in
        - FREE: cannot visit secure sites
        - Blocks IP address
        - Blocks cookies
        - http://www.anonymizer.com/
    • Encrypted e-mail
        - Pretty Good Privacy
        - GPG (GNU Privacy Guard) is a PGP-compatible alternative replacement based on the OpenPGP standard: http://www.gnupg.org/
    • Avoiding web spambots
        - Do not use “mailto:” TAG unless encoded
            - mailto:hintz@ufl.edu
        - Use a graphic: hintz@ifas.ufl.edu
        - Use a graphic @ symbol
        - Use TABLE
        - Spell out address
            - hintz AT ifas.ufl.edu
            - hintz AT ifas DOT ufl DOT edu
            - hintz@ifasNOJUNK.ufl.edu (remove NOJUNK)
        Source: Thomas Hintz, “Protecting your Internet Privacy”
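The publication styles listed on this slide can be compared by running a simple address-matching pattern over each of them. This is an added example, not part of the original slides; the sample address, the regular expression and all function names are assumptions made for illustration.

```python
import html
import re

# A pattern of the kind a simple address harvester runs over raw page source.
HARVEST_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def harvest(page_source):
    """Return every address-shaped string found in the raw text."""
    return HARVEST_RE.findall(page_source)

def entity_encode(text):
    """Write each character as a decimal HTML character reference."""
    return "".join(f"&#{ord(ch)};" for ch in text)

def encoded_mailto(address):
    """mailto: link whose href and label contain no literal '@' or 'mailto:'."""
    href = entity_encode("mailto:" + address)
    return f'<a href="{href}">{entity_encode(address)}</a>'

def spelled_out(address, dots=False):
    """'user AT host.tld', or 'user AT host DOT tld' when dots=True."""
    user, domain = address.split("@", 1)
    return f"{user} AT {domain.replace('.', ' DOT ') if dots else domain}"

def nojunk(address, marker="NOJUNK"):
    """Insert a marker that the human reader is told to remove."""
    user, domain = address.split("@", 1)
    first, rest = domain.split(".", 1)
    return f"{user}@{first}{marker}.{rest} (remove {marker})"

def compare(address):
    """Map each publication style to what the harvester extracts from it."""
    variants = {
        "plain mailto": f'<a href="mailto:{address}">{address}</a>',
        "encoded mailto": encoded_mailto(address),
        "AT": spelled_out(address),
        "AT/DOT": spelled_out(address, dots=True),
        "NOJUNK": nojunk(address),
    }
    return {name: harvest(text) for name, text in variants.items()}

if __name__ == "__main__":
    sample = "alice@mail.example.org"  # constructed address
    for style, found in compare(sample).items():
        print(f"{style:15} -> {found}")
    # Entity encoding only hides the address from tools that skip HTML decoding.
    print(harvest(html.unescape(encoded_mailto(sample))))
```

The encoded link renders and works as a normal mailto link in a browser, but any tool that decodes HTML entities recovers the address, so the encoded form reduces exposure rather than removing it.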
    • Would you give personal information to strangers?
        - 24% of users have supplied false information
        - Create a Virtual User: John Smith, 7/7/77, blue eyes, red hair
        - Provide accurate personal information ONLY if appropriate for the services requested.
        Source: Thomas Hintz, “Protecting your Internet Privacy”
    • “Anonymity is a shield from the tyranny of the majority.” - US Supreme Court decision No. 93-986, April 19 1995
        - but what ....
        Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
    • “Disabling traffic flow analysis”
        - What can be resolved?
            - who communicates to/with whom
            - who communicates when
            - activity type
            - movement
            - chain of command
            - type of information
        Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
    • We need to distribute trust
        - Use an anonymizing network
        - Independent nodes
        - Encrypted tunnels
            - using (perfect) forward secrecy
            - changing appearance of data
        - Any user, or server, of the network can be the originator
        - torproject.org
        Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
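The idea of distributing trust over independent nodes can be shown with layered encryption: the sender wraps the message once per relay, and each relay removes only its own layer. This is an added example, not code from the slides or from the Tor project; relay names, keys and function names are assumptions, and the SHAKE-256 keystream is a stand-in for a real authenticated cipher with per-circuit key exchange.

```python
import hashlib
import os

def xor_stream(key, nonce, data):
    """Stand-in cipher: XOR with a SHAKE-256 keystream (no integrity protection)."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, next_hop, inner):
    """One layer: fresh nonce, then encrypted (next-hop name + inner blob)."""
    nonce = os.urandom(16)
    hop = next_hop.encode()
    return nonce + xor_stream(key, nonce, bytes([len(hop)]) + hop + inner)

def peel(key, blob):
    """What a relay does: remove its own layer, learn only the next hop."""
    plain = xor_stream(key, blob[:16], blob[16:])
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def build_onion(path, destination, message):
    """Wrap the message once per relay, innermost layer for the exit relay."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    blob = message
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        blob = seal(key, nxt, blob)
    return blob

def route(path, sender, blob):
    """Forward the onion hop by hop; log what each relay can observe."""
    log, previous = [], sender
    for name, key in path:
        nxt, blob = peel(key, blob)
        log.append({"relay": name, "from": previous, "to": nxt, "forwards": blob})
        previous = name
    return log

if __name__ == "__main__":
    # Constructed circuit: relay names and per-circuit keys are made up.
    path = [(n, os.urandom(32)) for n in ("N1", "N2", "N3")]
    onion = build_onion(path, "server.example", b"GET /index.html")
    for entry in route(path, "alice", onion):
        print(entry["relay"], "sees", entry["from"], "->", entry["to"],
              "and forwards", len(entry["forwards"]), "bytes")
```

No relay in the log sees both the sender and the destination, and the data looks different on every link. The last relay forwards the message as the sender wrote it, so content confidentiality towards the destination still needs end-to-end encryption.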
    • And we have not talked about
        - Semantic technologies: “the Web of Services”
        - the car and future car2x communication
        - and what about all the sensor networks
        - who takes care of my data
    • Semantic Web Services: Bringing the web to its full potential
        - Static, syntactic: WWW (URI, HTML, HTTP)
        - Static, semantic: Semantic Web (RDF, RDF(S), OWL)
        - Dynamic, syntactic: Web Services (UDDI, WSDL, SOAP)
        - Dynamic, semantic: Intelligent Web Services
        source: Juan Miguel Gomez, UC3M
    • Semantics in Business
        - Enable a paradigm switch in searching information
        - From Information Retrieval: Google: “Josef Noll”
        - To Question Answering: Why did Josef Noll come to Norway? “It is important to educate female engineers, ...”
    • ITEA-Wellcom project: Future TV (source: Sony)
        - And some of the partners working on tomorrow's TV experience:
    • ITEA-WellCom.org: TV today and tomorrow
        [Diagram labels: Content, Service, Trust & Personalisation Provider, Communication (jabber), Service adaptation, Context, TV, STB, BT, NFC]
    • Third party business model
        [Diagram roles: Content provider, Service aggregator, Payment provider, Identity and personalisation provider, Customer care, Authentication and Access provider]
        - Service providers: Media, Banks, Telecom, Corporate, Home
        - Service aggregator
            - Convenient interfaces
            - Ease of use
        - Identity and personalisation provider
            - Convenience
            - Trust
        Josef Noll, “Who owns the SIM?”, 5 June 2007
    • The secure element: SIM card
        [Diagram: Identity and personalisation provider, Service aggregator, and Authentication and Access provider; “Send key and credentials”, “Send info to recipient”, “Send service to phone”; NFC communication unit, NFC2SIM, SIM; Smartcard interfaces ISO/IEC 7816]
        - SIM is secure element
            - controlled environment
            - over-the-air update
            - open for applications
        - SIM will be owned by user
            - managed by trusted third party
    • Challenges and Benefits
        - How insecure is the Internet? Will the phone be the only secure element?
        - Visa and Mastercard enable convenient small amount purchases
        - Are Google, facebook and flickr more trusted than telecom operators?
        - Dynamic service environment? On-the-fly creation of services?
        [Chart: “Convenience of usage”, 2006 to 2010; series “Telco favourite” and “Third party favourite”]
    • Conclusions
        - “The last time we were connected by a wire was at birth!” [Motorola]
        - The service world is wireless
            - Q: “What if you lose your phone?”
            - A: “A real crisis in life!”
        - Easy access to devices and services, dependent on the context of the user
        - Challenges
            - get control of complexity
            - get people understanding what they are doing and us understanding people
        http://wiki.unik.no
    • Thanks to contributions from
        - My PhD students György Kálmán, Mohammad M. R. Chowdhury
        - Lasse Øverlier, “Anonymity, Privacy and Hidden Services”, PhD thesis at University of Oslo
        - Stefan Weiss, “Your Users’ Privacy”, Deloitte & Touche, 2007
        - Thomas Hintz, “Protecting your Internet Privacy”, University of Florida, http://notebook.ifas.ufl.edu/privacy/
        - Wikipedia; Dick Hardt, Identity 2.0
        - Erzsebet Somogyi, UNIK - now CanalDigital.no; Judith Rossebø, Telenor
        - Movation - White paper 'Mobile Phone Evolution', April 2007
        - GPG (GNU Privacy Guard), based on PGP, http://www.gnupg.org/
        - Anonymizer, http://www.anonymizer.com/
        - Tor network, http://www.torproject.org
        - The New York Times, Sony Europe, Facebook; isolatr.com
        - Heung-Gyoon Ryu from Chungbuk National University, Korea
        - ID theft in seconds, itpro.no