Privacy issues in network environments
1. Lappeenranta Summer School on Telecommunications 2008
Privacy Issues in Network Environments
Josef Noll
University Graduate Center at Kjeller, UNIK / University of Oslo, UiO
josef.noll@unik.no
Lappeenranta, 19 August 2008
http://wiki.unik.no
2. Research and Education at Kjeller
• Close relation to FFI, IFE, NILU,...
Privacy Issues 19. Aug 2008, Josef Noll
3. “Innovation by Design”
[Quotation graphic: Paul Chaffey, Abelia, on Movation and wireless technology innovation in Norway]
4. Have you heard these ones?
from Scott McNealy (Sun Microsystems)
“The privacy you are so fond of is mostly an illusion”
“You have no privacy. Get over it.”
So, let’s go home and do something useful
7. Outline
• Privacy, Identity, Trust, Reputation,....
• Network environments
– technical: Internet and wireless networks
– Social networks
– .... networks
• Technologies
• Protection mechanisms
• Legal issues
• Tips and tricks
8. Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm.
source: Wikipedia
• Physical
– intrusion into physical space (sauna, stalking,...)
– searching in my personal possessions
– access to my home
• Informational
– Internet, electronic traces
– Medical data
• Organisational
– Industrial property rights (IPR)
– protection of secrets
10. Physical privacy
• don’t touch me
• don’t kiss me
• don’t invade
• don’t you dare
Factors
• cultural sensitivity
• personal dignity
• shyness
• safety concerns
The worst places (for me)
The best places (for me)
15. Organisational privacy
• What is in Coca Cola?
• When will VW launch the new Golf?
• Access to fingerprints of all people
Factors
• Patent (IPR)
• Trade mark
• price of information
• effect of damage
17. Information privacy
Information about me
• electronic information stored about me
– religion, sexual orientation, political opinion
– personal activities
– family information
• Membership in social networks
• access to accounts
• Medical information
• Political privacy
Electronic traces
• Mobile phone
– GSM
– Bluetooth
• sensor data
• traffic cameras
• surveillance
• payment card usage
• fingerprint check-in
19. Summary
Factors influencing privacy
• cultural sensitivity
• personal dignity
• shyness
• ....
• safety concerns
• effect of damage
• professional reputation
• discrimination ....
My own understanding
Privacy is about protecting myself such that others can’t harm me more than I can tolerate
others --> trust, relation
harm --> my roles (identity)
23. Reality
What the Internet knows about me
Preface
I am not a member of a social network (yet). I do not publish pictures of myself.
And still ...
and I’m only talking about my publicly available data
28. Two more definitions
[Diagram labels: User; privacy; Roles, Identities; User profile, behaviour; Location, Proximity; Community; Context, Presence]
others --> trust, relation
harm --> my roles (identity)
30. Identity
• In philosophy, identity is whatever makes an entity definable and recognizable, in terms of possessing a set of qualities or characteristics.
• Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity.
• Digital identity also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject.
• An online identity is a social identity that network users establish in online communities.
• As more and more services are accessible in the digital world, digital identities and their management will play a vital role in secure service access and privacy …..
source: Wikipedia
31. Identity: Real world to digital world
[Diagram labels: Digital identity; Passwords everywhere; Real world; Identities; Digital world identities; Identity; Digital world]
• Recommendation: Dick Hardt@OSCON, Identity 2.0
32. The dilemma of computer science
Identity - “same as” and “not”
• Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity.
• Computer science: use of ontologies, binary strings ‘xFxkeyil9e4’
[Diagram: “Josef” same as “Josef Noll”; labels: Roles, Identities; Community; Context]
• Are we in computer science in the Middle Ages?
• G. W. Leibniz (1646): if a=b and b=c, then a=c
36. Reputation and Trust
• Reputation is the opinion (more technically, a social evaluation) of the public toward a person, a group of people, or an organization. It is an important factor in many fields, such as business, online communities or social status.
• Reputation is known to be a ubiquitous, spontaneous and highly efficient mechanism of social control in natural societies.
• Trust is a relationship of reliance. A trusted party is presumed to seek to fulfill policies, ethical codes, law and their previous promises.
• Trust is a prediction of reliance on an action, based on what a party knows about the other party.
Comment: Members of “la familia” trust each other
do we really believe we can manage trust and represent reputation?
40. Revisit: Information privacy
It starts with the radio
• radio is broadcast: everyone can listen
• “radio identity” (MAC, Bluetooth,...) is known
• eavesdropping of traffic, man-in-the-middle: read your email (smtp is plain text)
• Bluetooth and other ad-hoc networks, connectivity to phone without notice
• wireless networks at home: WEP easy to crack, access to whole home infrastructure
• Mobile phone (GSM): location, fake base-station
41. Revisit: Information privacy
And it never stops
• Eavesdropping -> read your communication
• Crack WEP (encryption) -> read open information
• DNS forging -> leading you to a different site
• Phishing -> getting your secure information
• “Click to confirm that you read the privacy issue”
• Netvibes: Leading personal start page to manage your digital life
• Banking, Social Networks....
44. Some technology first
Have you heard these ones?
“Last year (2007) the world produced more transistors than rice corns” – Hans Christian Haugli, CEO, Telenor R&I
“In three to five years we will interact with to 30-50 devices in our vicinity” – Marie Austenstaa, Connected Objects, Telenor R&I
45. “The speed of technology”
• The speed of development
source: Gerhard Fettweis, TU Dresden
• Do you remember: “There might be a need for 5 computers” (1943 Watson(?), 1951 Hartree)
• Mobile: NMT, GSM, GPRS, EDGE, UMTS, 3G, HSDPA, SMS, EMS, MMS,... DVB-H,...
46. Mobile Phone and Sensors
• N. Arora, Google Europe Manager [Oslo Innovation Week]:
– By 2012, iPods ... be capable of holding all music you will ever hear in your life (or one year of video)
– By 2018 it can hold all videos ever produced
• This speed will continue until 2025 [ITRS Roadmap]
• Imagine a device, which
– will save all the conversations you ever had
– will record all the environments you have ever been in
– identify all people you have ever talked to and remember what you talked about
• “Your Mobile will do”
49. Let’s get a deep breath.... and see what we can do about it
50. Recall
Lessons learned
• Definitions of Privacy, Identity, Trust, Reputation,....
• “It all begins with the radio”
– location, device identity
– eavesdropping, phishing, man-in-the-middle, forging
• The user providing all kinds of information
– social networks, service providers, ...
52. Privacy Requirements
“How much will it cost me if my privacy gets compromised?”
• see: lost mobile phone, security of your house
• take appropriate measures
[Diagram labels: Examples of Services; VPN, !/$, email, photo; Network access]
53. Protecting the identity?
• 8 million US residents victims of identity theft in 2006 (4% of adults)
• US total (known) cost of identity theft was $49 billion
– ~10% was paid by customers
– remaining by merchants and financial institutions
• Average victim spent $531 and 25 hours to repair for damages
Source: Lasse Øverlier & California Office of Privacy Protection
ID theft in seconds
http://itpro.no/art/11501.html
54. 2nd lecture
Personalisation, tips and tricks
• Personalisation of service, why?
• The role of the mobile phone
– Seamless authentication
– Payment and access
• Protection mechanisms
– Legal issues
– Tips and tricks
55. User profiles/profiling - “We have heard that before, nothing has happened”
• Complexity is ever increasing -> Need for reduction
• Technology is in place -> Semantics, Web Services,...
• Research projects address adaptation of services towards user needs
• Mobile phones are becoming the source for Internet and Service access
– 20-30 % of all phones worldwide will be smartphones by 2009
– 30 % of mobile users in the Nordic will receive push content by 2010
• Market need for personalisation: “Mobile advertisement has to fit to the user, otherwise it will fail completely” [Movation White Paper, Mobile Phone Evolution, April 2007]
56. User profiles/profiling - “Nobody is willing to pay for it”
• “Mobile advertisement is 1000 to 10000 times more valuable than Internet advertisement” [Bjarne Myklebust, NRK]
• “The chances of annoying customers through mobile advertisements are high. Mobile advertisements have to fit.”
• “Mobile advertising isn’t only hot, it’s on fire.” [Bena Roberts, GoMo News]
• Operators launch mobile advertisement companies (Telenor)
57. My phone collects all my security
SIM with NFC & PKI
58. Mobile Services, incl. NFC
• Focus in 2008 on mobile web
• Push content upcoming
• NFC needs next generation phones
• S60, UIQ, ...
• Common Application development
• Integrated development
[Chart: Expected customer usage [%] “have tried” of mobile services in the Nordic Market, 2006 to 2010; series: SMS authentication, Mobile Web, Push content, NFC payment]
[“Mobile Phone Evolution”, Movation White paper, May 2007]
Josef Noll, “Who owns the SIM?”, 5 June 2007
60. Operator supported service access
[Diagram labels: Authentication provider; Seamless authentication; Service access; VPN; Physical access; Home access, .mp3, .jpg]
70. WAP gateway
Seamless authentication
[Diagram labels: HTTP request; HTTP request; Hash; 94815894; Pictures for ’rzso’; Password: 1234; sID: cTHG8aseJPIjog==]
Source: Erzsebet Somogyi, UNIK
71. Banking from the mobile phone
Security considerations
• Equally secure as SMS (get your account status)
• Easy to use
• Advanced functionality through PIN (if required)
• Seamless phone (SIM) authentication
• Advanced security when required
– BankID or
– PIN
[Diagram: Welcome Josef: SIM authentication; Information: using SIM, no customer input required (Account status); Advanced functionality: BankID or PIN (double security) (Transfer, payments); NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816]
74. MyBank example:
User incentive:
• “My account is just one click away”
• “enhanced security for transactions”
• Phone (SIM) authentication
• Level 2 security through PKI/BankID/PIN?
75. RFID and NFC
example: Birkebeiner
• Online information to mobile phone
• Could be used for photo, video, etc
76. NFC – Near field communication
• Based on RFID technology at 13.56 MHz
• Typical operating distance 10 cm
• Compatible with RFID
• Data rate today up to 424 kbit/s
• Philips and Sony
• ECMA-340, ISO/IEC 18092 & ECMA-352, …standards
• Powered and non-self powered devices
Photo: Nokia
77. NFC is ...
• RFID at 13.56 MHz
• RF (modem) and protocols
Passive operation:
1) Phone=Reader has static magnetic field
2) Tag acts as resonator, “takes energy” ~1/r^6
[Chart: Power decrease of static and electromagnetic field; curves: 1/r^2 and 1/r^6]
81. NFC use cases
• Payment and access
– include Master-/Visacard in the phone
– have a small amount of money electronically
– admittance to work
• Service Discovery
– easy access to mobile services: Web page, SMS, call, ...
– local information and proximity services (get a game)
• Ticketing
– Mobile tickets for plane, train, bus: Parents can order and distribute, ...
Source: Nokia 6131 NFC Technical Product Description
85. NFCIP-2 Interface and protocol
Interface standards
• NFC device: ECMA-340
• Proximity Card Reader, PCD mode: ISO/IEC 14443 (MIFARE, FeliCa)
• Vicinity Card Reader, VCD mode: ISO/IEC 15693 (facility access)
[Diagram annotations: NO; 15693 okay]
86. The radio: NFC and privacy
• NFC is “as bad” as
– your contactless Master and Visa card
– your passport
• Typical reading distance up to 4 cm (for activation)
• Eavesdropping possible under operation (1/r^2),
– encrypted communication
Passport
• USA: passport can only be read when opened
• European passport: just place it on NFC reader
88. From current SIM to Future SIM
• To comply with 3G networking requirements (USIM)
– Security features (algorithms and protocols), longer key lengths
– GSM uses EAP SIM: client authentication
– UMTS uses EAP AKA: Mutual authentication
• 3rd party identities
– ISIM application (IMS)
– private user identity
– one or more public user identities
– Long term secret
[Diagram: Current Telenor SIM (UICC) card (from 2001); New visions for mobile / UICC: GlobalPlatform’s vision of Real Estate for 3.rd Party sec. domains; On-board WEB server; Multi-Thread; SUN (Java); Plus ETSI SCP 3 new phys IFs: 12 Mb/s USB, NFC (SWP); 2009?]
Source: Judith Rossebø, Telenor
89. Network privacy
• GSM
– client-based positioning allows user to take control
– trustworthy operators?
• WLAN
– open for all kinds of attacks
– example: TraceRoute for exposing packet origin
– encrypted communication and more....
• Bluetooth
– are you afraid, then switch it off
– I leave it on, danger for getting tapped is rather small
• Social Network
• Web tools, e.g. search present significant privacy issue
91. Privacy is not about ...
Privacy is not about getting your private space
Switching off the lights
Sources: isolatr.com; Stefan Weiss, Deloitte & Touche, 2007
94. Private Sphere and Privacy
Directive 95/46/EC of the European parliament
• Data must be fairly and lawfully processed
• They must be processed for prior specified and limited purposes
• Adequate, relevant and not excessive
• Accurate
• Not kept longer than necessary
• Processed in accordance with the data subject’s rights
• Secure
• Not transferred to countries without adequate protection
95. And the law might be applicable to Google
Google has to obey Norwegian law
• Art. 29-group looks how privacy is handled in the EU
• “Google is using cookies on PCs” thus they use equipment physically located in an EU state
• Art. 29 is valid for everyone using equipment in an EU state, thus also Google
96. Tips and Tricks
• If you put your data into the social networks, it is your responsibility
• Security, Your data, Anonymity, .....
111.
Anonymity is a shield from the tyranny of the majority.
- US Supreme Court decision No. 93-986, April 19 1995
but what ....
Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
112.
• “Disabling traffic flow analysis”
• What can be resolved?
– who communicates to/with whom
– who communicates when
– activity type
– movement
– chain of command
– type of information
Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
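What traffic flow analysis resolves from metadata alone, as an added example that is not part of the original slides: the flow records, host names, size threshold and 60-second relay window are constructed assumptions, and payloads are treated as encrypted and never read.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample: one observer's log of flow metadata only
# (time, source, destination, bytes). Payloads are assumed encrypted.
SAMPLE_FLOWS = """\
2008-08-19T09:00:05 alice bob 420
2008-08-19T09:00:20 bob carol 410
2008-08-19T09:00:31 bob dave 415
2008-08-19T09:05:00 carol fileserver 5200000
2008-08-19T13:00:02 alice bob 380
2008-08-19T13:00:15 bob carol 390
2008-08-19T13:00:40 bob dave 385
2008-08-19T22:10:00 dave alice 300
"""


class Flow(NamedTuple):
    time: datetime
    src: str
    dst: str
    size: int


def parse_flows(text):
    """Parse 'timestamp src dst bytes' lines into Flow records, oldest first."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, src, dst, size = line.split()
        flows.append(Flow(datetime.fromisoformat(stamp), src, dst, int(size)))
    return sorted(flows)


def who_with_whom(flows):
    """Who communicates with whom: message count per (source, destination)."""
    return Counter((f.src, f.dst) for f in flows)


def active_hours(flows):
    """Who communicates when: hours of the day in which each host sent."""
    hours = defaultdict(set)
    for f in flows:
        hours[f.src].add(f.time.hour)
    return {host: sorted(h) for host, h in hours.items()}


def activity_type(flow, bulk_threshold=1_000_000):
    """Activity type guessed from size alone (threshold is an assumption)."""
    return "bulk transfer" if flow.size >= bulk_threshold else "short message"


def relay_chains(flows, window=timedelta(seconds=60)):
    """Chain of command: A -> B -> C where B forwards within `window`.

    A chain that repeats suggests B passes on what A sends, even though
    the observer never sees the content.
    """
    chains = Counter()
    for first in flows:
        for second in flows:
            delay = second.time - first.time
            if (second.src == first.dst and second.dst != first.src
                    and timedelta(0) < delay <= window):
                chains[(first.src, first.dst, second.dst)] += 1
    return chains


def report(flows):
    """Everything the observer learned without decrypting a single payload."""
    return {
        "pairs": dict(who_with_whom(flows)),
        "hours": active_hours(flows),
        "bulk": [(f.src, f.dst) for f in flows
                 if activity_type(f) == "bulk transfer"],
        "chains": dict(relay_chains(flows)),
    }


if __name__ == "__main__":
    for key, value in report(parse_flows(SAMPLE_FLOWS)).items():
        print(key, value)
```

Every result comes from addresses, sizes and timestamps, which is what payload encryption leaves exposed.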
113.
• We need to distribute trust
• Use an anonymizing network
• Independent nodes
• Encrypted tunnels
• using (perfect) forward secrecy
• changing appearance of data
• Any user, or server, of the network can be the originator
torproject.org
Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
114. And we have not talked about
• Semantic technologies “the Web of Services”
• the car and future car2x communication
• and what about all the sensor networks
• who takes care of my data
115. Semantic Web Services
[Diagram: quadrants on the axes Static/Dynamic and Syntactic/Semantic]
• WWW (static, syntactic): URI, HTML, HTTP
• Semantic Web (static, semantic): RDF, RDF(S), OWL
• Web Services (dynamic, syntactic): UDDI, WSDL, SOAP
• Intelligent Web Services (dynamic, semantic): Bringing the web to its full potential
source: Juan Miguel Gomez, UC3M
119. Semantics in Business:
• Enable a paradigm switch in searching information
• From
– Information Retrieval
Google: “Josef Noll”
• To
– Question Answering
Why did Josef Noll come to Norway?
“It is important to educate female engineers, ...”
122. ITEA-Wellcom project
Future TV
source: Sony
And some of the partners working on tomorrow's TV experience:
126. ITEA-WellCom.org
TV today and tomorrow
[Diagram labels: Content; Service Provider; Trust & Personalisation; Communication (jabber); Service adaptation; Context; TV; BT; STB; NFC]
128. Third party business model
[Diagram labels: Content provider; Service aggregator; Payment provider; Identity and personalisation provider; Customer care; Authentication and Access provider]
• Media,
• Banks, Service providers
• Telecom, Corporate, Home
• Service aggregator
• Convenient interfaces
• Ease of use
• Identity and personalisation provider
• Convenience
• Trust
131. The secure element: SIM card
[Diagram labels: Identity and personalisation provider; Authentication and Access provider; Service aggregator; Send key and credentials; Send info to recipient; Send service to phone; NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816]
• SIM is secure element
• controlled environment
• over-the-air update
• open for applications
• SIM will be owned by user
• managed by trusted third party
133. Challenges and Benefits
How insecure is the Internet?
Will the phone be the only secure element?
Visa and Mastercard enable convenient small amount purchases
Are Google, facebook and flickr more trusted than telecom operators?
Dynamic service environment?
On-the-fly creation of services?
[Chart: Convenience of usage, 2006 to 2010; series: Telco favourite, Third party favourite]
134. Conclusions
• “The last time we were connected by a wire was at birth!” [Motorola]
• The service world is wireless
– Q: “what if you lose your phone?”
– A: “A real crisis in life!”
• Easy access to devices and services, dependent on the context of the user
• Challenges
– get control of complexity
– get people understanding what they are doing and us understanding people
http://wiki.unik.no
135. Thanks to contributions from
• My PhD students György Kálmán, Mohammad M. R. Chowdhury
• Lasse Øverlier, “Anonymity, Privacy and Hidden Services”, PhD thesis at University of Oslo
• Stefan Weiss, “Your Users’ Privacy”, Deloitte & Touche, 2007
• Thomas Hintz, “Protecting your Internet Privacy”, University of Florida, http://notebook.ifas.ufl.edu/privacy/
• Wikipedia; Dick Hardt, Identity 2.0
• Erzsebet Somogyi, UNIK - now CanalDigital.no; Judith Rossebø, Telenor
• Movation - White paper 'Mobile Phone Evolution', April 2007
• GPG (GNU Privacy Guard), based on PGP http://www.gnupg.org/
• Anonymizer http://www.anonymizer.com/
• Tor network, http://www.torproject.org
• The New York Times, Sony Europe, Facebook; isolatr.com
• Heung-Gyoon Ryu from Chungbuk National University, Korea
• ID theft in seconds, itpro.no