2-basic-techniques · 2020-02-21 · 21/02/2020 4 jaap-henk hoepman // aside: what is ‘data...
TRANSCRIPT
21/02/2020
1
Jaap-Henk Hoepman
* [email protected] // 8 www.cs.ru.nl/~jhh // 8 blog.xot.nl // @xotoxot
Privacy & Identity LabRadboud University
Tilburg UniversityUniversity of Groningen
Privacy SeminarBasic Techniques
1
Jaap-Henk Hoepman //
Agenda
n Privacy by Design● Principles
● Privacy Design Strategies
n Privacy Enhancing Technologies I
14-02-2019 // Basic Techniques 2
2
Privacy by design
3
3
21/02/2020
2
Jaap-Henk Hoepman //
Privacy by design
n Protect privacy when developing new technology:● From concept…
● … to realisation
n Privacy is a quality attribute (like security, performance,…)n Privacy by design is a process!
4
Throughout the system development cycle
14-02-2019 // Basic Techniques
4
Jaap-Henk Hoepman // 14-02-2019
// Basic Techniques
5
But how?
5
Jaap-Henk Hoepman //
Common engineering misconceptions #1
// Basic Techniques 6
0/1 vs.
14-02-2019
6
21/02/2020
3
Jaap-Henk Hoepman //
Common engineering misconceptions #2
// Basic Techniques 7
Data controller =
14-02-2019
7
Jaap-Henk Hoepman //
Common engineering misconceptions #3
// Basic Techniques 8
Privacy = Data minimisation
14-02-2019
8
Jaap-Henk Hoepman //
Personal data?
n But also…● License plate● IP Address
● Likes● Tweets
● Search terms
14-02-2019 // Basic Techniques 9
n So…● Name● Social security number
● Email address
9
21/02/2020
4
Jaap-Henk Hoepman //
Aside: what is ‘Data Processing’…
Action Relevant GDPR Personal Data Processing ExamplesOperate Adaptation; Alteration; Retrieval; Consultation; Use; Alignment; Combination
Store Organisation; Structuring; Storage
Retain opposite to (Erasure; Destruction)
Collect Collection; Recording
Share Transmission; Dissemination; Making Available; opposite to (Restriction; Blocking)
Change unauthorised third party (Adaptation; Alteration; Use; Alignment; Combination)
Breach unauthorised third party (Retrieval; Consultation)
// Basic Techniques 1014-02-2019
10
Eight privacy design strategies
11
11
Jaap-Henk Hoepman // // Basic Techniques 1214-02-2019
12
21/02/2020
5
Jaap-Henk Hoepman //
Privacy design strategies map
fuzzy legal concepts to
concrete data protection goals
to help control data processing
14-02-2019 // Basic Techniques 13
Legal norms
(Technical) design requirements
13
Jaap-Henk Hoepman //
Levels of abstraction
n Design strategy● “A basic method to achieve a particular design goal” – that has certain
properties that allow it to be distinguished from other basic design strategies
n Design pattern● “Commonly recurring structure to solve a general design problem
within a particular context”
n (Privacy enhancing) technology● “A coherent set of ICT measures that protects privacy” – implemented
using concrete technology
14-02-2019 // Basic Techniques 14
14
Jaap-Henk Hoepman //
Design pattern: example
14-02-2019 // Basic Techniques 15
15
21/02/2020
6
Jaap-Henk Hoepman //
Privacy design patterns
n Describes a recurring pattern of communicating components thatsolve a general problem in a specificcontext● Summary● Context● Problem● Solution
● Structure● Consequences● Requirements
n http://privacypatterns.org
n https://github.com/p4pnl/patterns
14-02-2019 // Basic Techniques 16
16
Jaap-Henk Hoepman //
Sources for the design strategies
n Standards● ISO 29100 Privacy framework
n Principles● OECD guidelines
● Fair Information Practices (FIPs)
n Law● General Data Protection Regulationn
14-02-2019 // Basic Techniques 17
17
Jaap-Henk Hoepman //
Data protection law (core principles)
n Legitimate Processing Grounds ● consent● necessity
n Data Subject Rights ● Notification● Access
● rectification
● object to profiling
n Data Protection Principles ● purpose limitation ● data minimisation
● duration of retention
● accuracy of the data
n Accountability● risk based-approach
● transparency of processing● data protection by design
● data protection impact assessment
14-02-2019 // Basic Techniques 18
18
21/02/2020
7
Jaap-Henk Hoepman //
IT system = essentially a database, so…
// Basic Techniques 19
Attributes
Ind
ivid
uals
minimise separate abstract hide
14-02-2019
19
Jaap-Henk Hoepman // 14-02-2019 // Basic Techniques 20
minimise
inform control
enforcedemonstrate
Data subject
Data controller
i
abstractseparate hide
20
Jaap-Henk Hoepman //
#1 Minimize
n Definition● Limit as much as possible the
processing of personal data.
n Associated tactics● EXCLUDE: refrain from
processing a data subject’s personal data.
● SELECT: decide on a case by case only relevant personal data.
● STRIP: partially remove unnecessary attributes.
● DESTROY: completely remove all personal data as soon as they become unnecessary.
n Examples● ”Select before you collect”.
● Blacklist.● Whitelist.
14-02-2019 // Basic Techniques 21
21
21/02/2020
8
Jaap-Henk Hoepman //
#2 Separate
n Definition● Separate the processing of
personal data as much as possible, to prevent correlation.
n Associated tactics● ISOLATE: process personal data
(for different purposes) independently in (logically) separate databases or systems.
● DISTRIBUTE: process personal data (for one task) in physically separate locations.
n Examples● Edge computing: process data in
the device of the user as much as possible.
● Peer-to-peer, e.g. a social network.
14-02-2019 // Basic Techniques 22
22
Jaap-Henk Hoepman //
#3 Abstract
n Definition● Limit as much as possible the detail
in which personal data is processed.
n Associated tactics● GROUP: aggregate data over groups
of individuals, instead of processing data of each person separately.
● SUMMARIZE: summarise detailed information into more abstract attributes.
● PERTURB: add noise or approximate the real value of a data item.
n Examples● Process age instead of date of birth.● Aggregate data over time, in e.g.
smart grids.
● Pproximate the real location of a user (in e.g. 10 km2 resolution).
14-02-2019 // Basic Techniques 23
23
Jaap-Henk Hoepman //
#4 Hide
n Definition● Prevent personal data to become
public or known.
n Associated tactics● RESTRICT: prevent unauthorized
access to personal data.● ENCRYPT: encrypt data (in transit
or when stored).● DISSOCIATE: remove the
correlation between data subjects and their of personal data.
● MIX: process personal data randomly within a large enough group to reduce correlation.
● OBFUSCATE: prevent understandability of personal data, e.g. by hashing them.
n Examples● Mix networks, Tor.
● Pseudonimisation.● Differential privacy.
● Access control.● Attribute based credentails.
14-02-2019 // Basic Techniques 24
24
21/02/2020
9
Jaap-Henk Hoepman //
#5 Inform
n Definition● Inform data subjects about the
processing of their personal data.
n Associated tactics● SUPPLY: inform users which
personal data is processed, including policies, processes, and potential risks.
● EXPLAIN: provide this information in a concise and understandable form, and explain why the processing is necessary.
● NOTIFY: alert data subjects whenever their personal data are being used, or get breached.
n Examples● Readable privacy policy.● Privacy icons.● Algorithmic transparency.
14-02-2019 // Basic Techniques 25
25
Jaap-Henk Hoepman //
#6 Control
n Definition● Provide data subjects control
about the processing of their personal data.
n Associated tactics● CONSENT: only process personal
data for which explicit, freely-given, and informed consent is received.
● CHOOSE: allow data subjects to select which personal data will be processed.
● UPDATE: provide data subjects with the means to keep their personal data accurate and up to date.
● RETRACT: honouring the data subject’s right to the complete removal of any personal data in a timely fashion.
n Examples● Opt-in (instead of opt-out).● Privacy dashboard.
14-02-2019 // Basic Techniques 26
26
Jaap-Henk Hoepman //
#7 Enforce
n Definition● Commit to processing personal data
in a privacy friendly way, and enforce this.
n Associated tactics● CREATE: decide on a privacy policy
that describes how you wish to protect personal data
● MAINTAIN: maintain this policy, and
● UPHOLD: ensuring that policies are adhered to by treating personal data as an asset, and privacy as a goal to incentivize as a critical feature.
n Example● Specify and enforce a privacy
policy.● Assign responsibilities.● Check that the policy is effective,
and adapt where necessary.● Take alll necessary technical and
organisational measures.
14-02-2019 // Basic Techniques 27
27
21/02/2020
10
Jaap-Henk Hoepman //
#8 Demonstrate
n Definition● Demonstrate you are processing
personal data in a privacy friendly way.
n Associated tactics● LOG: track all processing of data,
and reviewing the information gathered for any risks.
● AUDIT: audit the processing of personal data regularly.
● REPORT: analyze collected information on tests, audits, and logs periodically and report to the people responsible.
n Example● Privacy management system (cf. ISO
27001 information security management systems).
● Certification.
14-02-2019 // Basic Techniques 28
28
Jaap-Henk Hoepman //
Eight privacy design strategies
Data orientedn MINIMIZE
● Limit as much as possible the processing of personal data.
n SEPARATE
● Separate the processing of personal data as much as possible, to prevent correlation.
n ABSTRACT
● Limit as much as possible the detail in which personal data is processed.
n HIDE
● Prevent personal data to become public or known.
Process orientedn INFORM
● Inform data subjects about the processing of their personal data.
n CONTROL
● Provide data subjects control about the processing of their personal data.
n ENFORCE
● Commit to processing personal data in a privacy friendly way, and enforce this.
n DEMONSTRATE
● Demonstrate you are processing personal data in a privacy friendly way.
14-02-2019 // Basic Techniques 29
29
Jaap-Henk Hoepman //
Impact assessment vs strategies
// Basic Techniques 30
ConceptDevelopment
Analysis
Privacy Design Strategies
Privacy Impact Assessment
14-02-2019
30
21/02/2020
11
Jaap-Henk Hoepman //
Tensions
n Privacy vs. Utility
n Privacy vs. Security
n Privacy vs. Usability
n Data protection vs privacy as norm
n Perception of the data subject vs data controller ininterests
14-02-2019 // Basic Techniques 31
31
Jaap-Henk Hoepman //
Concluding remarks
n Limits to privacy by design● Privacy is fragile; may break when combining or extending systems
● The level of privacy protection is hard to define and measure, making different systems hard to compare
● Implementation obstacles
n Incentives and effective deterrence mechanisms needed
n Better understanding of privacy (by design) as a process needed
n Tools to support privacy by design in practice are missing
n Stronger role of standardisation
14-02-2019 // Basic Techniques 32
32
Jaap-Henk Hoepman //
Further information
● G. Danezis, J. Domingo-Ferrer, M. Hansen, J.-H. Hoepman, D. L.
Metayer, R. Tirtea, and S. Schiffner. Privacy and Data Protection by Design - from policy to engineering. Technical report, ENISA, December 2014. ISBN 978-92-9204-108-3, DOI 10.2824/38623. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design
● M. Colesky, J.-H. Hoepman, and C. Hillen. A Critical Analysis of Privacy Design Strategies. In 2016 International Workshop on Privacy Engineering – IWPE'16, San Jose, CA, USA, May 26 2016.
http://www.cs.ru.nl/~jhh/publications/iwpe-privacy-strategies.pdf
14-02-2019 // Basic Techniques 33
33
21/02/2020
12
Privacy Enhancing Technologies
34
34
PETS: forward and future secrecy
35
Jaap-Henk Hoepman //
Perfect forward security (1)
n Goal:● Compromise of an actor at time 𝑡 does not reveal anything about any
activities in the past, i.e. at time 𝑡’ < 𝑡.
n How to achieve that?
14-02-2019 // Basic Techniques 36
36
21/02/2020
13
Jaap-Henk Hoepman //
Perfect forward security (2)
n Time divided into epochsn Each epoch users update their keys
● Preferably without communicating with each other
n And destroy the old keys● Which cannot be derived back from the new keys just established
n Suppose adversary compromises user at epoch 𝑗● Then he cannot recover the keys used at past epoch 𝑖 < 𝑗, and hence not recover the
messages exchanged in previous epochs
n Example using symmetric keys● 𝑘' = 𝐻(𝑘'+,)● Where 𝐻 is a Key Derivation Function (KDF)
n Alternatively: session keys● Established using Diffie-Hellman key exchange
● Only works in synchronous settings, not for asynchronous messaging
14-02-2019 // Basic Techniques 37
37
Jaap-Henk Hoepman //
Future secrecy (1)
n Goal:● Allow actors to recover from a compromise by an adversary
n Observation● Techniques for perfect forward security do not have this property
● (Although for DH based techniques it depends on the threat model)
n Again: how to achieve this?
14-02-2019 // Basic Techniques 38
38
Jaap-Henk Hoepman //
Future secrecy
n ’self-healing’ property
n Suppose adversary compromised user at some epoch (or recovered keys used in this epoch), but user recovers at epoch 𝑖● I.e. Adversary no longer controls user at epoch 𝑖
n Then adversary● cannot recover the keys used at future epoch 𝑗 > 𝑖, and hence not
recover the messages exchanged in future epochs
n How to implement this: use OTR● OTR advertises next key to use in a message, and sender will use this
key as soon as recipient acknowledges this key
14-02-2019 // Basic Techniques 39
39
21/02/2020
14
Jaap-Henk Hoepman //
Forward security + Future secrecy
n The Signal Rachet
14-02-2019 // Basic Techniques 40
https://signal.org/blog/advanced-ratcheting/
40
Jaap-Henk Hoepman //
Signal’s rachet
n Start with a root key 𝑅n Alice uses ephemeral DH keys(𝑎', 𝐴' = 𝑔45); Bob similarly● Advertise 𝐴' with every message● Generate next key 𝐴'6, when
receiving (correct) 𝐵8 from Bob
n Whenever Alice generates new ephemeral key, advance the root● 𝑅’ ←𝑅𝑎𝑛𝑑𝑎'6,𝑎𝑛𝑑𝐵8● Derive hash rachet key H=ℎ(𝑅’)● Hash this with every new message
sent/received𝐻’ = ℎ(𝐻)● Derive message key 𝑘 = ℎ 𝐻
30-01-2018 // Privacy by design 41
41
PETS: hiding metadata
42
21/02/2020
15
Jaap-Henk Hoepman //
Hiding metadata
● Mixnetworks
● Onion routing
● DC networks
n Discussed in several other TRU/e courses…
11-2-2016 // Privacy Enhancing Technologies 43
43
Homomorphic encryption
44
Jaap-Henk Hoepman //
(Partial) Homomorphic encryption
n A public key encryption protocol 𝐸?:𝑃 ↦ 𝐶● From plaintext space 𝑃, with group operation +● To ciphertext space 𝐶, with group operation ×
n Such that● 𝐸? 𝑎 + 𝑏 = 𝐸? 𝑎 ×𝐸? 𝑏 andhencealso 𝑐×𝐸? 𝑎 = 𝐸? 𝑎 R
n Example: Paillier (1999)
n What can you do with homomorphic encryption● Jointly compute the sum of private values, e.g. smart grid● Electronic voting
11-2-2016 // Privacy Enhancing Technologies 45
45
21/02/2020
16
Blind signatures
11-2-2016// Privacy Enhancing Technologies 46
46
Jaap-Henk Hoepman //
Blind signature
11-2-2016 // Privacy Enhancing Technologies 47
47
Zero-knowledge protocols
11-2-2016
// Privacy Enhancing Technologies 48
48
21/02/2020
17
Jaap-Henk Hoepman //
Zero knowledge
n The cave of Ali Baba
11-2-2016 // Privacy Enhancing Technologies 49
49
Jaap-Henk Hoepman //
Vragen / discussie
14-02-2019 // Basic Techniques 50
twitter: @xotoxot8 www.cs.ru.nl/~jhh* [email protected] 8 blog.xot.nl
[Monty Python’s Argument Clinic sketch]
50