ebook img

Privacy for the Personal Data Vault Information Systems and Computer Engineering PDF

102 Pages·2014·1.28 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Privacy for the Personal Data Vault Information Systems and Computer Engineering

Privacy for the Personal Data Vault Tamás Balogh Thesis to obtain the Master of Science Degree in Information Systems and Computer Engineering Supervisors: Prof. Ricardo Jorge Fernandes Chaves Master Researcher Christian Schaefer Examination Committee Chairperson: Prof. Luís Eduardo Teixeira Rodrigues Supervisor: Prof. Ricardo Jorge Fernandes Chaves Member of the Committee: Prof. Nuno Miguel Carvalho dos Santos July 2014 Acknowledgments First of all I would like to thank Ericsson for providing me with the opportunity to work on this interesting research project. Special thanks goes out for Christian Schaefer for his great support during the thesis work. I would like to thank my thesis supervisor, Prof. Ricardo Chaves for his help and valuable feedback during the course of this work. My gratitude also goes out for the European Masters in Distributed Computing program co- ordinator, Prof. Johan Montelius, Prof. Lu´ıs Rodrigues and Prof. Lu´ıs Veiga, who guided me throughout my masters’ program. Last but not least, I would like to thank my family and friends for supporting me all along. Abstract Privacy is an important consideration in how online businesses are conducted today. Personal user data is becoming a valuable resource that service providers collect and process ferociously. The user centric design, that stands for the basis of the Personal Data Vault (PDV) concept, is trying to mitigate this problem by hosting data under strict user supervision. Once the user’s data leaves its supervision, however, the current privacy models offered for the PDV are no longer enough. The goal of this thesis is to investigate different privacy enhancing techniques that can be employed in the scenario where PDVs are used. We propose three different privacy enhancing models, all based around the use of the Sticky Policy (policy attached to data, describing usage restrictions) paradigm. Two of these models are inspired by previous research, while the third one is our novel approach that turns a simple Distributed Hash Table (DHT) into a privacy enforcing platform. We perform several evaluations of the proposed models, having different aspects in mind, such as: feasibility, trust model, and weaknesses. Keywords Personal Data Vault, privacy, Sticky Policy, trust, assurance iii Resumo A privacidade e´ um aspecto importante a ter em considerac¸a˜o na forma como as trocas com- erciais sa˜o realizadas hoje em dia. Os dados pessoais esta˜o a tornar-se um recurso valioso que os fornecedores de servic¸os recolhem e processam copiosamente. Um design centrado ni utilizador, e´ a base do conceito do “Personal Data Vault (PDV)”, que tenta mitigar este problema, acolhendo estes dados pessoais sob estrita supervisa˜o do utilizador. No entanto, assim que o utilizador deixa de realizar esta supervisa˜o, o modelo de privacidade actualmente disponibilizado pelo PDV deixa de ser suficiente. O objectivo desta dissertac¸a˜o e´ investigar diferentes te´cnicas de reforc¸o desta privacidade, que podera˜o ser aplicadas nas situac¸o˜es onde os PDVs sa˜o us- ados. Seguidamente sa˜o propostos treˆs modelos de privacidade reforc¸ada, todos baseados no paradigma do uso de “Sticky Policy” (pol´ıticas associadas aos dados, descrevendo as restric¸o˜es a` sua utilizac¸a˜o). Enquanto, dois destes modelos sa˜o inspirados no estado da arte existente, o terceiro constitui uma nova abordagem que transforma um simples Distributed Hash Table (DHT) numa plataforma de privacidade reforc¸ada. Foram realizadas va´rias avaliac¸o˜es aos modelos propostos, tendo em mente diferentes aspectos, tais como: viabilidade, confianc¸a e debilidades. Palavras Chave Personal Data Vault, privacidade, Sticky Policy, confianc¸a, garantia v Contents 1 Introduction 1 1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.4 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.5 Thesis Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.6 Dissertation Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2 Background 7 2.1 The Personal Data Vault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.1.1 PDV as an Abstraction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.1.2 PDVs in the Healthcare System . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.2 Personal privacy concerns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3 Related Work 15 3.1 XACML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.2 Usage Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 3.2.1 UCON in practice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.3 TAS3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.4 PrimeLife . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.5 Other Privacy Enforcement Techniques . . . . . . . . . . . . . . . . . . . . . . . . 23 3.5.1 DRM approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 3.5.2 Trusted platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.5.3 Cryptographic techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 4 System Design 27 4.1 PrimeLife Policy Language (PPL) Integration . . . . . . . . . . . . . . . . . . . . . 28 4.2 Verifiable Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 vii Contents 4.2.1 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 4.2.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 4.2.3 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 4.2.4 Privacy Manager Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 32 4.2.4.A Verifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 4.2.4.B Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 4.2.5 Interaction Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 4.2.5.A Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 4.2.5.B Forwarding Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 4.3 Trusted Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 4.3.1 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 4.3.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 4.3.3 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 4.3.4 Privacy Manager Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 39 4.3.4.A Trust Negotiator . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 4.3.4.B Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.3.5 Interaction Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.3.5.A Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.3.5.B Forwarding Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 4.4 Mediated Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 4.4.1 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 4.4.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 4.4.3 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 4.4.4 DHT Peer Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 4.4.4.A The Remote Retrieval Operation . . . . . . . . . . . . . . . . . . . 46 4.4.4.B Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 4.4.4.C Keyspace Assignment . . . . . . . . . . . . . . . . . . . . . . . . . 48 4.4.4.D Business Ring Size . . . . . . . . . . . . . . . . . . . . . . . . . . 49 4.4.4.E Business Ring Description . . . . . . . . . . . . . . . . . . . . . . 49 4.4.5 Privacy Manager Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 4.4.5.A Sticky Policy Enforcement . . . . . . . . . . . . . . . . . . . . . . . 50 4.4.5.B Trust Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 4.4.6 Logging Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 4.4.7 Interaction Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 4.4.7.A Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 4.4.7.B Multiple Data Subject (DS) Interaction Model . . . . . . . . . . . . 54 4.4.7.C Multiple Data Controller (DC) Interaction Model . . . . . . . . . . . 55 viii

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.