Privacy Preserving Content Protection
PhD Defense

Mina Deng
Promoter: Prof. Bart Preneel
COSIC, ESAT/SCD, KU Leuven
July, 2010
Introduction
The age of privacy is over?
Privacy definitions
Individual rights
 • “the right to be let alone” (Warren and Brandeis, 1890)

Informational self-determination
 • “Privacy is the claim of individuals, groups, or institutions to determine for themselves when,
   how, and to what extent information about them is communicated to others.” (Alan Westin,
   1967)

Access and control
 • “control access to oneself and to personal information about oneself ” (Adam Moore, 1998)

Pluralistic resemblance
 • “Privacy is a plurality of different things.” “It is a set of protections against a related cluster
   of problems” (Daniel Solove, 2008)
Privacy & data minimization
 • “Data controllers should collect only the personal data they really need, and should keep it
   only for as long as they need it”. (European Data Protection Directive 95/46/EC, 1995)
Debate privacy vs. security
– tradeoff: security & privacy
 • get more of one, at the expense of the other
 • after 9/11, give up civil liberties & privacy to national security
 • popular response: “I have nothing to hide”
 • “The nothing to hide argument is an argument that the privacy interest is generally minimal to
   trivial, thus making the balance against security concerns a foreordained victory for security”.
   – Daniel Solove (privacy scholar)
+ need to have both
 • “These two components of security – safety and privacy … I work from the assumption that you
   need to have both.” – Donald Kerr (US deputy director of national intelligence)
 • “Security and privacy are not opposite ends of a seesaw. There is no security without privacy.
   And liberty requires both security and privacy.” – Bruce Schneier (security commenter)
Content protection motivation
Industry interests
Content protection: core techniques
Encryption: first line of defense
 • + prevent unauthorized access
 • – no content protection after decryption
Figure, symmetric encryption: Marge turns the plaintext into ciphertext with the secret key; Homer
turns the ciphertext back into plaintext with the same secret key.
Figure, asymmetric encryption: Lisa & Bart turn the plaintext into ciphertext with Homer’s public
key; Homer turns the ciphertext back into plaintext with Homer’s private key.
Content protection: core techniques
Digital watermarking: second line of defense
 • embed information imperceptibly
 • e.g. to prove ownership
Figure: embedding combines the original content and the watermark under a secret watermarking
key to produce the watermarked content; after distribution / processing / attack, detection /
extraction under the same secret watermarking key recovers the watermark.
Digital watermarking illustration
Figure: original image (512×512) next to the watermarked image; watermark (64×64 image) next to
the extracted watermark (correlation = 0.9997).
Privacy issue in content protection
Figure: content life cycle – creation, distribution, use control, monitor usage, payment – the
user’s privacy nightmare.
Research motivation

Conflict
 • content protection interests of provider
 • privacy rights of user


Can we reconcile privacy with protection of content?
Outline
Introduction

Overview of contributions

Privacy threat analysis framework

Anonymous buyer-seller watermarking protocols

Conclusion
Overall structure
Privacy preserving content protection
Research questions
 • privacy analysis methodology
 • privacy preserving content protection systems
   • content protection for commercial content
   • privacy protection for personal content
Proposed solutions
 • threat framework (Ch 2)
 • BSW protocols (Ch 3)
 • privacy friendly eHealth (Ch 4)
 • personal rights management (Ch 5)
Chapter 2. Privacy threat analysis framework
Contribution (J.RE 2010)
Background
Threat modeling
• threats
• requirements
• countermeasures
Two pillars
• methodology
• knowledge
  • checklists & patterns
Security: methodological support
• goal-oriented: KAOS
• scenario-based: STRIDE
Problem & solution
Problem
• lacks systematic approach
• privacy threat analysis
Our solution
• privacy threat analysis framework
• model threats to system elements
• instantiate threats using threat tree patterns
• elicit requirements from misuse cases
• select countermeasures according to requirements
Chapter 3. Anonymous Buyer-Seller Watermarking Protocols
Contribution (J.TIFS 2010, MMSEC 2009)
Background
Massive online distribution
• + efficiency and convenience
• – threats: intellectual property rights
Traditional assumption
• providers trustworthy
  • no illegal distribution
  • honest embedding
• not realistic!
Traceability discredited
• seller frames innocent buyer
• guilty buyer repudiates
Problem & solution
Problem
• copyright protection (provider)
• privacy protection (user)
Our solution
• limited trust in seller
• traceability: unique code embedded
• copyright protection & piracy tracing
• buyer’s revocable anonymity
• formal security analysis
• actual protocol security bounded to security of watermarking scheme
Chapter 4. Privacy-friendly architecture to manage distributed e-Health information
Contribution (J.OIR 2009, E-Health Handbook 2009)
Background
E-Health system
• privacy sensitive content
• overview of patient’s medical history
Privacy threats
• cross reference content & ID across providers
• intensive use of patient’s ID
• different sensitivity levels
Problem & solution
Problem
• content sharing – interoperability (healthcare provider)
• privacy protection (patient)
Our solution
• architecture for distributed e-health
• limited trust in healthcare service providers
• mediating service
• data anonymization
• practical validation
Chapter 5. Personal rights management for individual privacy enforcement
Contribution (PET’06, CMS’05)
Background
Personal content distribution
• (phone) cameras, blogs, social networks, search engines
• private pictures taken & published
• technology trends worsen situation
Emerging privacy threats
• governments and industry
• normal individuals
Problem & solution
Problem
• privacy protection (an individual)
• personal content distribution (other individuals)
Our solution
• detection mechanism
  • control pictures taken by others
  • no restriction & no privacy infringement for photographers
  • distribution channel
• non-professional adversary
Outline
Introduction

Overview of contributions

Privacy threat analysis framework

Anonymous buyer-seller watermarking protocols

Conclusion
Privacy analysis framework
SYSTEM SPECIFIC
 • high-level description
 • assumption & usage scenarios
METHODOLOGY (steps, left to right)
 1. Define Data Flow Diagram (DFD)
 2. Map Privacy Threats to DFD Elements
 3. Identify Misuse Case Scenarios
 4. Risk-based Prioritization
 5. Elicit Privacy Requirements
 6. Select Privacy Enhancing Solutions
KNOWLEDGE (supporting the steps)
 • mapping threats components to DFD
 • privacy threat tree patterns
 • risk assessment techniques (not included)
 • mapping privacy misuse cases to requirements
 • mapping privacy objectives to solutions
Privacy threat analysis – illustration
Figure: Data Flow Diagram → privacy properties and the threats that violate them → Threat Tree Pattern

Privacy properties                   Privacy threats
Unlinkability                        Linkability
Anonymity & Pseudonymity             Identifiability
Plausible deniability                Non-repudiation
Undetectability & Unobservability    Detectability
Confidentiality                      Disclosure of information
Content awareness                    Content unawareness
Policy and consent compliance        Policy and consent noncompliance
Privacy threats                Entity   Data flow   Data store   Process
Linkability                      X         X           X           X
Identifiability                  X         X           X           X
Non-repudiation                            X           X           X
Detectability                              X           X           X
Information disclosure                     X           X           X
Content unawareness              X
Consent/policy noncompliance               X           X           X
Elicited privacy requirements & mitigation strategies

n° 1
 Threat scenario: Linkability of social network data store
 Privacy requirement: Unlinkability of data entries within the social network database
 Suggested mitigation strategy: Protection of the data store, by applying data anonymization
 techniques, such as k-anonymity

n° 2
 Threat scenario: Linkability of data flow (user-portal)
 Privacy requirement: Unlinkability of messages of user-portal communication
 Suggested mitigation strategy: Employ anonymity system, e.g. TOR

n° 3
 Threat scenario: Linkability of entities (the social network users)
 Privacy requirement: Unlinkability of different pseudonyms (user IDs) of social network users
 Suggested mitigation strategy: Technical enforcement: use anonymity system such as TOR, for
 communication between user and social network web portal; user privacy self-awareness (aware
 that revealing too much information online can be privacy invasive)
 Privacy requirement: Channel and message confidentiality (of data flow)
 Suggested mitigation strategy: Use anonymity system, such as TOR

n° 4
 Threat scenario: Identifiability at the social network data store
 Privacy requirement: Anonymity of social network users such that the user will not be
 identified from social network database entries
 Suggested mitigation strategy: Protection of the data store, by applying data anonymization
 techniques, such as k-anonymity

n° 5
 Threat scenario: Identifiability at data flow of user data stream (user-portal)
 Privacy requirement: Anonymity of social network users such that the user will not be
 identified from user-portal communication
 Suggested mitigation strategy: Technical enforcement: use anonymity system, such as TOR, for
 communication between user and social network web portal
Outline
Introduction

Overview of contributions

Privacy threat analysis framework

Anonymous buyer-seller watermarking protocols

Conclusion
Online transaction scenario
Figure: the four parties – Buyer, Seller, Group Manager and Judge.
Anonymous buyer-seller watermarking protocols
Phases: 1. Registration; 2. Watermark generation & embedding; 3. Identification & arbitration
Building blocks
• homomorphic encryption: watermarking in encrypted domain
  ∘_M ∈ M, ∘_C ∈ C, ∀ m1, m2 ∈ M: E(m1 ∘_M m2) = E(m1) ∘_C E(m2)
• group signature
• zero-knowledge proof
Properties
• traceability (seller’s security)
• non-repudiation (seller’s security)
• non-framing (buyer’s security)
• anonymity & unlinkability (buyer’s security)
Registration phase
Buyer ↔ Group Manager, over a secure & authenticated channel
 Buyer: gsk_i ← GSjoin(gpk, usk_i)
 Group Manager: reg_i ← GSiss(gpk, isk, upk_i)
 (the buyer ends up holding the group signing key gsk_i)
Group manager
 • Buyer’s ID
Buyer group joining
 • secret signature key
Watermark generation & embedding phase
Buyer ↔ Seller, over an anonymous channel (S & B)
 Buyer:
  (sk'_B, pk'_B) ← BKgen(1^k)
  C ← JEnc(pk_j, sk'_B)
  c_i ← BEnc(pk'_B, W_Bi)
  m ← (pk'_B, j, (c_i)_{i=1}^{l}, C)
  S_m ← GSsig(gpk, gsk_i, m)
  zero-knowledge proofs π1, π2 accompany the message to the seller
 Seller:
  WATemb(swk, X, BEnc(pk'_B, W))
Zero knowledge proofs
 • Fair Encryption of private Key
 • Bit Encryption of watermark
Watermark generation & embedding
Basic concept
• Seller & Buyer generate part of watermark
• Seller doesn’t know: buyer’s watermark & watermarked content delivered to the buyer
• Buyer doesn’t know: original content & seller’s watermark
Type I
• security (S & B)
• multiple transactions
  X' = X ⊕ V,
  E(Y) = E(X' ⊕ σ(W)) = E(X') ⊗ E(σ(W))
Figure: original content ⊕ index watermark → intermediate watermarked content; buyer’s
watermark → permutation → permuted buyer’s watermark; intermediate watermarked content ⊕
permuted buyer’s watermark → final watermarked content.
Watermark generation & embedding
Type II
• not limited to permutation tolerant watermarks
  X' = X ⊕ V, E(W) = E(W_S + W_B) = E(W_S) × E(W_B),
  E(Y) = E(X' ⊕ W) = E(X') ⊗ E(W)
Figure: buyer’s watermark + seller’s watermark → composite watermark (additive homomorphic:
E(W_S) × E(W_B)); original content ⊕ index watermark → intermediate watermarked content;
intermediate watermarked content ⊕ composite watermark → final watermarked content.
Watermark generation & embedding
Type III
• avoid double-watermark
  W = φ || (W_S ⊕ W_B), E(W) = {E(φ_1), ..., E(φ_l1)} || {E(W_SB1), ..., E(W_SBl2)}
  E(W_SBi) = E(W_S ⊕ W_B)_i = E(W_Bi)                    if W_Si = 0
                            = E(1) × E(W_Bi)^(-1)         if W_Si = 1
Figure: buyer’s watermark ⊕_c seller’s watermark → intermediate composite watermark; index
watermark || intermediate composite watermark → final composite watermark; original content ⊕
final composite watermark → final watermarked content.
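The encrypted-domain operations behind the Type II and Type III constructions, as an added example that is not the thesis's own code: a textbook Paillier cryptosystem with demo-only small primes (the thesis uses a 1024-bit modulus) is used by a "seller" that only ever sees ciphertexts under the buyer's key to form E(W_S + W_B) = E(W_S) × E(W_B), the Type III E(W_Si ⊕ W_Bi) case split, and the embedding E(Y) = E(X') ⊗ E(W). The watermark bits and the sample values of X' are constructed for the demo.

```python
# Added example, not the thesis's own code: textbook Paillier with demo-only
# primes, driving the Type II / Type III encrypted-domain steps:
#   E(W_S + W_B)    = E(W_S) * E(W_B)                       (Type II)
#   E(W_Si xor W_Bi) = E(W_Bi)             if W_Si = 0       (Type III)
#                    = E(1) * E(W_Bi)^-1   if W_Si = 1
#   E(Y)            = E(X') * E(W)                          (additive embedding)
import random
from math import gcd


def paillier_keygen(p, q):
    """Key pair for primes p, q (demo sizes; gcd(pq, (p-1)(q-1)) = 1 assumed)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)       # lcm(p-1, q-1)
    mu = pow(lam, -1, n)        # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return (n, n + 1), (lam, mu)


def paillier_enc(pk, m, rng=random):
    """E(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    n2 = n * n
    r = rng.randrange(1, n)
    while gcd(r, n) != 1:
        r = rng.randrange(1, n)
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def paillier_dec(pk, sk, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pk
    lam, mu = sk
    x = pow(c, lam, n * n)
    return ((x - 1) // n * mu) % n


def hom_add(pk, c1, c2):
    """E(m1) * E(m2) mod n^2 = E(m1 + m2): the additive homomorphism."""
    n, _ = pk
    return (c1 * c2) % (n * n)


def hom_neg(pk, c):
    """E(m)^-1 mod n^2 = E(-m)."""
    n, _ = pk
    return pow(c, -1, n * n)


def seller_type2_composite(pk, enc_wb, ws):
    """Type II: seller adds its clear watermark W_S to the encrypted W_B."""
    return [hom_add(pk, cb, paillier_enc(pk, s)) for cb, s in zip(enc_wb, ws)]


def seller_type3_xor(pk, enc_wb, ws):
    """Type III: E(W_Si xor W_Bi) from a clear bit W_Si and the ciphertext E(W_Bi)."""
    out = []
    for cb, s in zip(enc_wb, ws):
        if s == 0:
            out.append(cb)                                    # E(W_Bi)
        else:                                                 # E(1) * E(W_Bi)^-1 = E(1 - W_Bi)
            out.append(hom_add(pk, paillier_enc(pk, 1), hom_neg(pk, cb)))
    return out


def seller_embed(pk, x_prime, enc_w):
    """E(Y) = E(X') * E(W): sample-wise additive embedding on ciphertexts only."""
    return [hom_add(pk, paillier_enc(pk, x), cw) for x, cw in zip(x_prime, enc_w)]


def run_demo(p=251, q=263, seed=7):
    """Buyer encrypts W_B; seller works on ciphertexts; buyer decrypts to check."""
    rng = random.Random(seed)
    pk, sk = paillier_keygen(p, q)
    # Constructed sample values: 8-bit watermarks and 8 "pixel" samples of X'.
    wb = [1, 0, 1, 1, 0, 0, 1, 0]          # buyer's watermark (buyer only)
    ws = [1, 1, 0, 1, 0, 1, 0, 0]          # seller's watermark (seller only)
    x_prime = [120, 131, 99, 200, 77, 64, 180, 15]
    enc_wb = [paillier_enc(pk, b, rng) for b in wb]     # c_i = BEnc(pk'_B, W_Bi)

    enc_sum = seller_type2_composite(pk, enc_wb, ws)    # seller side
    enc_xor = seller_type3_xor(pk, enc_wb, ws)
    enc_y = seller_embed(pk, x_prime, enc_xor)

    dec = lambda c: paillier_dec(pk, sk, c)             # buyer holds sk'_B
    return {
        "type2": [dec(c) for c in enc_sum],   # expect W_S + W_B sample-wise
        "type3": [dec(c) for c in enc_xor],   # expect W_S xor W_B
        "y": [dec(c) for c in enc_y],         # expect X' + (W_S xor W_B)
    }
```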
Identification and arbitration phase
Seller ↔ Judge ↔ Group Manager, over a secure & authenticated channel
 Seller: W' ← WATdet(swk, Y)
 Group Manager: (B_i, τ) ← GSopen(gpk, osk, reg, m, s_m)
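The detection step W' ← WATdet(swk, Y), and the correlation figure of the watermarking illustration, as an added example that is not the thesis's own code: a minimal additive spread-spectrum watermark whose ±1 pattern is derived from the secret watermarking key, with a normalised-correlation detector. The content samples, key strings and the noise standing in for "distribution / processing / attack" are all constructed; real schemes embed in a transform domain.

```python
# Added example, not the thesis's own code: additive spread-spectrum watermark
# plus normalised-correlation detection, standing in for WATemb(swk, X, W) and
# WATdet(swk, Y).  Content and keys are constructed for the demo.
import random


def watermark_pattern(swk, length):
    """Derive a +/-1 pattern from the secret watermarking key swk."""
    rng = random.Random(swk)
    return [rng.choice((-1, 1)) for _ in range(length)]


def embed(content, pattern, strength=3):
    """Y = X + strength * W, sample by sample."""
    return [x + strength * w for x, w in zip(content, pattern)]


def correlation(a, b):
    """Normalised correlation coefficient in [-1, 1] of two equal-length sequences."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = (sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b)) ** 0.5
    return num / den if den else 0.0


def detect(suspect, original, pattern):
    """Non-blind detection: the seller holds X, so correlate (Y - X) with W."""
    return correlation([y - x for y, x in zip(suspect, original)], pattern)


def run_demo(length=4096, seed=1):
    """Correlation for the untouched copy, a noisy copy, and a wrong key."""
    rng = random.Random(seed)
    content = [rng.randrange(256) for _ in range(length)]   # constructed "pixels"
    pattern = watermark_pattern("seller-swk-demo", length)
    marked = embed(content, pattern)
    # Simulate processing/attack on the distributed copy with small random noise.
    attacked = [y + rng.randint(-2, 2) for y in marked]
    return {
        "clean": detect(marked, content, pattern),
        "attacked": detect(attacked, content, pattern),
        "wrong_key": detect(attacked, content, watermark_pattern("other-key", length)),
    }
```

With the correct key the noisy copy still correlates strongly (around 0.9 for this strength/noise ratio) while a wrong key gives a coefficient near zero, which is the decision the judge relies on.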
Implementation: Type III BSW protocol
Parameters
• 512×512-pixel image, ≈ 2 Mbit
• Watermark 128 bits
• Paillier modulus N of 1024 bits
• run on CPU at 2.4 GHz
Communication complexity (in exchanged bits)
• Watermark generation & embedding: ≈ 8 Mbit
• Identification & arbitration: ≈ 0.4 Mbit
• Expansion factor: ≈ 4.2
Execution time (in seconds)
• Registration: < 0.5 sec
• Identification & arbitration: < 2.5 sec
• most computational load @ Seller
Figure: watermark generation & embedding (WGE) phase execution time.
Outline
Introduction

Overview of contributions

Privacy threat analysis framework

Anonymous buyer-seller watermarking protocols

Conclusions
Conclusions
Privacy threats emerge
 • trust in providers

Need balance
 • content protection (provider) & privacy protection (user)

Privacy
 • as security, embodied value

Build privacy in
 • goal-oriented, framework

Content protection techniques
 • also protect privacy

   Yes, it is possible to reconcile privacy with protection of content
List of publications
International Journals
Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, and Wouter Joosen. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirement Engineering Journal special issue on Data Privacy, to appear, 27 pages, 2010.
Alfredo Rial, Mina Deng, Tiziano Bianchi, Alessandro Piva, and Bart Preneel. Anonymous buyer-seller watermarking protocols: formal definitions and security analysis. IEEE Transactions on Information Forensics and Security, to appear, 11 pages, 2010.
Mina Deng, Danny De Cock, and Bart Preneel. Towards a cross-context identity management framework in e-health. Online Information Review, international journal 33(3):422-442, 2009.
Mina Deng and Bart Preneel. Attacks on two buyer-seller watermarking protocols and an improvement for revocable anonymity. International Journal of Intelligent Information Technology Application, 1(2):53-64, 2008.

Book Chapters
Mina Deng, Danny De Cock, and Bart Preneel. An interoperable cross-context architecture to manage distributed personal e-health information. In M. M. Cunha, R. Simoes, and A. Tavares, editors, Handbook of Research on Developments in e-Health and Telemedicine: Technological and Social Perspectives, ISBN: 978-1-61520-670-4, chapter 27, pages 576-602. Hershey, PA, USA: IGI Global, Inc., 2009.
Mina Deng and Bart Preneel. On secure buyer-seller watermarking protocols with revocable anonymity. In Kyeong Kang, editor, E-Commerce, ISBN: 978-953-7619-98-5, chapter 11, pages 184-202. IN-TECH Education and Publishing, Vienna, Austria, 2009.

International conferences (Selected)
Mina Deng, Tiziano Bianchi, Alessandro Piva, and Bart Preneel. An efficient buyer-seller watermarking protocol based on composite signal representation. In Proceedings of the 11th ACM workshop on Multimedia and security (MMSEC), pages 9-18, Princeton, New Jersey, USA. ACM New York, NY, USA, 2009.
Mina Deng and Bart Preneel. On secure and anonymous buyer-seller watermarking protocol. In Abdelhamid Mellouk, Jun Bi, Guadalupe Ortiz, Dickson K. W. Chiu, and Manuela Popescu, editors, Third International Conference on Internet and Web Applications and Services (ICIW), pages 524-529, Athens, Greece. IEEE Computer Society, 2008.
Mina Deng, Lothar Fritsch, and Klaus Kursawe. Personal rights management – taming camera-phones for individual privacy enforcement. In George Danezis and Philippe Golle, editors, Privacy Enhancing Technologies, 6th International Workshop (PET), Revised Selected Papers, volume 4258 of Lecture Notes in Computer Science, pages 172-189, Cambridge, UK. Springer, 2006.
Questions?



Thank you! ☺
mina.deng@esat.kuleuven.be

Thesis PowerpointThesis Powerpoint
Thesis Powerpointneha47
 
Datta PhD Defense 20 min presentation
Datta PhD Defense 20 min presentationDatta PhD Defense 20 min presentation
Datta PhD Defense 20 min presentationProyag Datta
 
Prepare your Ph.D. Defense Presentation
Prepare your Ph.D. Defense PresentationPrepare your Ph.D. Defense Presentation
Prepare your Ph.D. Defense PresentationChristian Glahn
 

Andere mochten auch (12)

Constructive Reasoning for Semantic Wikis - PhD defense presentation
Constructive Reasoning for Semantic Wikis - PhD defense presentationConstructive Reasoning for Semantic Wikis - PhD defense presentation
Constructive Reasoning for Semantic Wikis - PhD defense presentation
 
Biology Honors Research Thesis
Biology Honors Research ThesisBiology Honors Research Thesis
Biology Honors Research Thesis
 
PaulaTataru_PhD_defense
PaulaTataru_PhD_defensePaulaTataru_PhD_defense
PaulaTataru_PhD_defense
 
Protein & amino acid (ulivina pratini)
Protein & amino acid (ulivina pratini)Protein & amino acid (ulivina pratini)
Protein & amino acid (ulivina pratini)
 
Tips on how to defend your thesis
Tips on how to defend your thesisTips on how to defend your thesis
Tips on how to defend your thesis
 
Powerpoint Presentation of PhD Viva
Powerpoint Presentation of PhD VivaPowerpoint Presentation of PhD Viva
Powerpoint Presentation of PhD Viva
 
Dissertation oral defense presentation
Dissertation   oral defense presentationDissertation   oral defense presentation
Dissertation oral defense presentation
 
How to Defend your Thesis Proposal like a Professional
How to Defend your Thesis Proposal like a ProfessionalHow to Defend your Thesis Proposal like a Professional
How to Defend your Thesis Proposal like a Professional
 
Thesis Power Point Presentation
Thesis Power Point PresentationThesis Power Point Presentation
Thesis Power Point Presentation
 
Thesis Powerpoint
Thesis PowerpointThesis Powerpoint
Thesis Powerpoint
 
Datta PhD Defense 20 min presentation
Datta PhD Defense 20 min presentationDatta PhD Defense 20 min presentation
Datta PhD Defense 20 min presentation
 
Prepare your Ph.D. Defense Presentation
Prepare your Ph.D. Defense PresentationPrepare your Ph.D. Defense Presentation
Prepare your Ph.D. Defense Presentation
 

Ähnlich wie Mina Deng PhD defense

Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Symantec APJ
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Symantec APJ
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk MgmtAlfred Ouyang
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
BUTLER IoT - Luxemburg presentation 8 9-12
BUTLER IoT - Luxemburg presentation 8 9-12BUTLER IoT - Luxemburg presentation 8 9-12
BUTLER IoT - Luxemburg presentation 8 9-12JobT
 
Digi securitypres
Digi securitypresDigi securitypres
Digi securitypresFairSay
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft Private Cloud
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญBAINIDA
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummiesIvo Depoorter
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youGlobal Business Events
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentityFredBrandonAuthorMCP
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...Ulf Mattsson
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 

Ähnlich wie Mina Deng PhD defense (20)

Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud Security
 
Ccc brochure
Ccc brochureCcc brochure
Ccc brochure
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
BUTLER IoT - Luxemburg presentation 8 9-12
BUTLER IoT - Luxemburg presentation 8 9-12BUTLER IoT - Luxemburg presentation 8 9-12
BUTLER IoT - Luxemburg presentation 8 9-12
 
Digi securitypres
Digi securitypresDigi securitypres
Digi securitypres
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are you
 
2012 Data Center Security
2012 Data Center Security2012 Data Center Security
2012 Data Center Security
 
biometrics and cyber security
biometrics and cyber securitybiometrics and cyber security
biometrics and cyber security
 
Electronic security
Electronic securityElectronic security
Electronic security
 
Electronic Security
Electronic SecurityElectronic Security
Electronic Security
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1
 

Mina Deng PhD defense

  • 1. Privacy Preserving Content Protection PhD Defense Mina Deng Promoter: Prof. Bart Preneel COSIC, ESAT/SCD, KU Leuven July, 2010
  • 3. The age of privacy is over?
  • 4. Privacy definitions
      Individual rights
        • “the right to be let alone” (Warren and Brandeis, 1890)
      Informational self-determination
        • “Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.” (Alan Westin, 1967)
      Access and control
        • “control access to oneself and to personal information about oneself” (Adam Moore, 1998)
      Pluralistic resemblance
        • “Privacy is a plurality of different things.” “It is a set of protections against a related cluster of problems” (Daniel Solove, 2008)
      Privacy & data minimization
        • “Data controllers should collect only the personal data they really need, and should keep it only for as long as they need it.” (European Data Protection Directive 95/46/EC, 1995)
  • 5. Debate privacy vs. security
      – tradeoff: security & privacy
        • get more of one, at the expense of the other
        • after 9/11, give up civil liberties & privacy to national security
        • popular response: “I have nothing to hide”
        • “The nothing to hide argument is an argument that the privacy interest is generally minimal to trivial, thus making the balance against security concerns a foreordained victory for security.” – Daniel Solove (privacy scholar)
      + need to have both
        • “These two components of security – safety and privacy … I work from the assumption that you need to have both.” – Donald Kerr (US deputy director of national intelligence)
        • “Security and privacy are not opposite ends of a seesaw. There is no security without privacy. And liberty requires both security and privacy.” – Bruce Schneier (security commenter)
  • 8. Content protection – core techniques. Encryption: first line of defense
      • + prevents unauthorized access
      • – no content protection after decryption
      [Figure: symmetric encryption – one secret key, plaintext → ciphertext → plaintext (Homer → Marge); asymmetric encryption – Homer’s public key encrypts, Homer’s private key decrypts (Lisa & Bart → Homer)]
  • 9. Content protection – core techniques. Digital watermarking: second line of defense
      • embed information imperceptibly
      • e.g. to prove ownership
      [Figure: original content + watermark → watermark embedding (secret watermarking key) → watermarked content → distribution / processing / attack → watermark detection / extraction (secret watermarking key) → watermark]
  • 10. Digital watermarking illustration
      [Figure: original image (512×512), watermarked image, watermark (64×64), extracted watermark (correlation = 0.9997)]
  • 11. Privacy issue in content protection
      [Figure: content lifecycle – creation, use, control, payment, distribution, monitor usage]
      User’s privacy nightmare
  • 12. Research motivation
      Conflict
        • content protection interests of provider
        • privacy rights of user
      Can we reconcile privacy with protection of content?
  • 13. Outline Introduction Overview of contributions Privacy threat analysis framework Anonymous buyer-seller watermarking protocols Conclusion
  • 14. Overall structure: privacy preserving content protection
      Research questions
        • privacy preserving content protection systems: content protection for commercial content; privacy protection for personal content
        • privacy analysis methodology
      Proposed solutions
        • Threat framework (Ch 2)
        • BSW protocols (Ch 3)
        • Privacy friendly eHealth (Ch 4)
        • Personal rights management (Ch 5)
  • 15. Chapter 2. Privacy threat analysis framework
  • 16. Contribution (J.RE 2010)
      Background
        Threat modeling
          • threats
          • requirements
          • countermeasures
        Two pillars
          • methodology
          • knowledge
          • checklists & patterns
        Security: methodological support
          • goal-oriented: KAOS
          • scenario-based: STRIDE
      Problem & solution
        Problem
          • lacks systematic approach
          • privacy threat analysis
        Our solution
          • privacy threat analysis framework
          • model threats to system elements
          • instantiate threats using threat tree patterns
          • elicit requirements from misuse cases
          • select countermeasures according to requirements
  • 17. Chapter 3. Anonymous Buyer-Seller Watermarking Protocols
  • 18. Contribution (J.TIFS 2010, MMSEC 2009)
      Background
        Massive online distribution
          • + efficiency and convenience
          • – threats: intellectual property rights
        Traditional assumption
          • providers trustworthy
          • no illegal distribution
          • honest embedding
          • not realistic!
        Traceability discredited
          • seller frames innocent buyer
          • guilty buyer repudiates
      Problem & solution
        Problem
          • copyright protection (provider)
          • privacy protection (user)
        Our solution
          • limited trust in seller
          • traceability: unique code embedded
          • copyright protection & piracy tracing
          • buyer’s revocable anonymity
          • formal security analysis
          • actual protocol security bounded to security of watermarking scheme
  • 19. Chapter 4. Privacy-friendly architecture to manage distributed e-Health information
  • 20. Contribution (J.OIR 2009, E-Health Handbook 2009)
      Background
        E-Health system
          • privacy sensitive content
          • overview of patient’s medical history
        Privacy threats
          • cross reference content & ID across providers
          • intensive use of patient’s ID
          • different sensitivity levels
      Problem & solution
        Problem
          • content sharing – interoperability (healthcare provider)
          • privacy protection (patient)
        Our solution
          • architecture for distributed e-health
          • limited trust in healthcare service providers
          • mediating service
          • data anonymization
          • practical validation
  • 21. Chapter 5. Personal rights management for individual privacy enforcement
  • 22. Contribution (PET’06, CMS’05)
      Background
        Personal content distribution
          • (phone) cameras, blogs, social networks, search engines
          • private pictures taken & published
          • technology trends worsen situation
        Emerging privacy threats
          • governments and industry
          • normal individuals
          • distribution channel
          • non-professional adversary
      Problem & solution
        Problem
          • privacy protection (an individual)
          • personal content distribution (other individuals)
        Our solution
          • detection mechanism
          • control pictures taken by others
          • no restriction & no privacy infringement for photographers
  • 23. Outline Introduction Overview of contributions Privacy threat analysis framework Anonymous buyer-seller watermarking protocols Conclusion
  • 24. Privacy analysis framework
      SYSTEM SPECIFIC: assumption & high-level description; usage scenarios
      METHODOLOGY: Define Data Flow Diagram (DFD) → Map Privacy Threats to DFD Elements → Identify Misuse Case Scenarios → Risk-based Prioritization → Elicit Privacy Requirements → Select Privacy Enhancing Solutions
      KNOWLEDGE: Mapping privacy threat components to DFD; Privacy threat tree patterns; Risk Assessment Techniques (not included); Mapping privacy misuse cases to Requirements; Mapping Privacy Objectives to Solutions
  • 25. Privacy threat analysis – illustration
      Privacy properties → Privacy threats
        • Unlinkability → Linkability
        • Anonymity & Pseudonymity → Identifiability
        • Plausible deniability → Non-repudiation
        • Undetectability & Unobservability → Detectability
        • Confidentiality → Disclosure of information
        • Content awareness → Content unawareness
        • Policy and consent compliance → Policy and consent noncompliance
      [Figure: Data Flow Diagram; Threat Tree Pattern]
      Privacy threats per DFD element:
        Threat                          Entity   Data flow   Data store   Process
        Linkability                        X         X           X           X
        Identifiability                    X         X           X           X
        Non-repudiation                              X           X           X
        Detectability                                X           X           X
        Information disclosure                       X           X           X
        Content unawareness                X
        Consent/policy noncompliance                 X           X           X
  • 26. Elicited privacy requirements & mitigation strategies
      n° | Threat scenario | Privacy requirement | Suggested mitigation strategy
      1 | Linkability of social network data store | Unlinkability of data entries within the social network database | Protection of the data store by applying data anonymization techniques, such as k-anonymity
      2 | Linkability of data flow (user-portal) | Unlinkability of messages of user-portal communication | Employ anonymity system, e.g. TOR
      3 | Linkability of entities (the social network users) | Unlinkability of different pseudonyms (user IDs) of social network users; channel and message confidentiality (of data flow) | Technical enforcement: use anonymity system such as TOR for communication between user and social network web portal; user privacy self-awareness (aware that revealing too much information online can be privacy invasive)
      4 | Identifiability at the social network data store | Anonymity of social network users such that the user will not be identified from social network database entries | Protection of the data store by applying data anonymization techniques, such as k-anonymity
      5 | Identifiability at data flow of user data stream (user-portal) | Anonymity of social network users such that the user will not be identified from user-portal communication | Technical enforcement: use anonymity system, such as TOR, for communication between user and social network web portal
  • 27. Outline Introduction Overview of contributions Privacy threat analysis framework Anonymous buyer-seller watermarking protocols Conclusion
  • 28. Online transaction scenario
      [Figure: parties – Buyer, Seller, Group Manager, Judge]
  • 29. Anonymous buyer-seller watermarking protocols
      Phases: 1. Registration; 2. Watermark generation & embedding; 3. Identification & arbitration
      Building blocks
        • homomorphic encryption: watermarking in encrypted domain – ∘_M ∈ M, ∘_C ∈ C, ∀ m1, m2 ∈ M: E(m1 ∘_M m2) = E(m1) ∘_C E(m2)
        • group signature
        • zero-knowledge proof
      Properties
        • traceability (seller’s security)
        • non-repudiation (seller’s security)
        • non-framing (buyer’s security)
        • anonymity & unlinkability (buyer’s security)
  • 30. Registration phase
      Buyer: gsk_i ← GSjoin(gpk, usk_i)
      Group Manager: reg_i ← GSiss(gpk, isk, upk_i)
      Secure & authenticated channel between buyer and group manager
        • Group manager: buyer’s ID
        • Buyer: group joining, secret signature key
  • 31. Watermark generation & embedding phase
      Buyer:
        (sk’_B, pk’_B) ← BKgen(1^k)
        C ← JEnc(pk_J, sk’_B)
        c_i ← BEnc(pk’_B, W_Bi)
        m ← (pk’_B, j, (c_i)_{i=1}^{l}, C)
        s_m ← GSsig(gpk, gsk_i, m)
        zero-knowledge proofs π1, π2
      Seller: WATemb(swk, X, BEnc(pk’_B, W))
      Anonymous channel (S & B)
      Zero knowledge proofs
        • Fair Encryption of private key
        • Bit Encryption of watermark
  • 32. Watermark generation & embedding – Type I
      Basic concept
        • Seller & Buyer generate part of watermark
        • Seller doesn’t know: buyer’s watermark & watermarked content delivered to the buyer
        • Buyer doesn’t know: original content & seller’s watermark
      Type I
        • security (S & B)
        • multiple transactions
        X’ = X ⊕ V,   E(Y) = E(X’ ⊕ σ(W)) = E(X’) ⊗ E(σ(W))
        [Figure: original content ⊕ index watermark → intermediate watermarked content; buyer’s watermark → permutation → permuted buyer’s watermark; intermediate ⊕ permuted buyer’s watermark → final watermarked content]
  • 33. Watermark generation & embedding – Type II
      • not limited to permutation tolerant watermarks
      X’ = X ⊕ V,   E(W) = E(W_S + W_B) = E(W_S) × E(W_B),   E(Y) = E(X’ ⊕ W) = E(X’) ⊗ E(W)
      [Figure: seller’s watermark + buyer’s watermark → composite watermark (additive homomorphic ×); original content ⊕ index watermark → intermediate watermarked content; intermediate ⊕ composite watermark → final watermarked content]
  • 34. Watermark generation & embedding – Type III
      • avoid double-watermark
      W = φ || (W_S ⊕ W_B),   E(W) = {E(φ_1), …, E(φ_l1)} || {E(W_SB1), …, E(W_SBl2)}
      E(W_SBi) = E(W_Si ⊕ W_Bi) = E(W_Bi) if W_Si = 0;  E(1) × E(W_Bi)^(-1) if W_Si = 1
      [Figure: seller’s watermark ⊕_c buyer’s watermark → intermediate composite watermark; index watermark || intermediate composite watermark → final composite watermark; original content ⊕ final composite watermark → final watermarked content]
  • 35. Identification and arbitration phase
      Seller: W’ ← WATdet(swk, Y)
      Secure & authenticated channel between seller and judge
      Group Manager: (B_i, τ) ← GSopen(gpk, osk, reg, m, s_m)
  • 36. Implementation – Type III BSW protocol
      Parameters
        • 512×512-pixel image, ≈ 2 Mbit
        • watermark 128 bits
        • Paillier modulus N of 1024 bits
        • run on CPU at 2.4 GHz
      Communication complexity (in exchanged bits)
        • watermark generation & embedding: ≈ 8 Mbit
        • identification & arbitration: ≈ 0.4 Mbit
        • expansion factor: ≈ 4.2
      Execution time (in seconds)
        • registration: < 0.5 sec
        • identification & arbitration: < 2.5 sec
        • most computational load @ Seller
      [Figure: watermark generation & embedding (WGE) phase execution time]
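Added example (not from the thesis or this page): textbook Paillier as the additively homomorphic cipher of slide 29, with the seller-side steps of Type II (slide 33) and the Type III bit combination (slide 34) run on it. Assumptions: the embedding operator ⊕ on content is modelled as sample-wise addition (which is what the ciphertext product realizes), watermarks are bit strings, and the demo key is 256 bits rather than the 1024-bit N of the slides.

```python
import random
from math import gcd

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (fine for a demo key, not a production one)."""
    if n < 2:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

class PaillierKey:
    """Buyer's key pair (pk_B, sk_B). The slides use a 1024-bit N; the demo uses 256 bits."""
    def __init__(self, bits=256):
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        while q == p:
            q = _random_prime(bits // 2)
        self.n, self.n2 = p * q, (p * q) ** 2
        self._lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
        self._mu = pow(self._lam, -1, self.n)               # g = n+1, so L(g^lam mod n^2) = lam

def enc(n, m):
    """BEnc(pk_B, m): needs only the public modulus n.  E(a) * E(b) mod n^2 = E(a + b)."""
    r = random.randrange(1, n)
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def dec(key, c):
    """BDec(sk_B, c): only the buyer can do this."""
    return (pow(c, key._lam, key.n2) - 1) // key.n * key._mu % key.n

def seller_embed_type2(n, x_prime, enc_wb, ws):
    """Type II (slide 33): E(W) = E(WS) x E(WB) and E(Y) = E(X') (x) E(W), sample by sample.
    The seller holds X', WS and E(WB); it never sees WB or the final Y."""
    n2, enc_y = n * n, []
    for xi, ewb, wsi in zip(x_prime, enc_wb, ws):
        enc_w = enc(n, wsi) * ewb % n2          # composite watermark, still encrypted
        enc_y.append(enc(n, xi) * enc_w % n2)   # additive embedding under encryption
    return enc_y

def seller_xor_encrypted(n, enc_wb_bit, ws_bit):
    """Type III bit combination (slide 34): E(WS_i xor WB_i) from E(WB_i) and WS_i in clear.
    WS_i = 0 -> E(WB_i);  WS_i = 1 -> E(1) x E(WB_i)^-1 = E(1 - WB_i)."""
    if ws_bit == 0:
        return enc_wb_bit
    return enc(n, 1) * pow(enc_wb_bit, -1, n * n) % (n * n)

def run_protocol(seed=1):
    """One watermark generation & embedding round on constructed sample data."""
    random.seed(seed)
    key = PaillierKey()                          # buyer generates (pk_B, sk_B)
    n = key.n
    x = [120, 33, 200, 7, 255, 64, 90, 11]       # constructed samples of the original content X
    v = [1, 0, 1, 1, 0, 0, 1, 0]                 # index watermark V (seller side)
    ws = [1, 0, 0, 1, 1, 0, 1, 0]                # seller's watermark WS
    wb = [0, 1, 1, 1, 0, 1, 1, 0]                # buyer's watermark WB (secret from the seller)
    x_prime = [xi + vi for xi, vi in zip(x, v)]  # X' = X (+) V, computed in the clear by the seller
    enc_wb = [enc(n, b) for b in wb]             # buyer sends c_i = BEnc(pk_B, WB_i)
    y = [dec(key, c) for c in seller_embed_type2(n, x_prime, enc_wb, ws)]
    xor = [dec(key, seller_xor_encrypted(n, e, s)) for e, s in zip(enc_wb, ws)]
    return {"composite": [yi - xi for yi, xi in zip(y, x_prime)],  # must equal WS + WB
            "xor": xor, "ws": ws, "wb": wb}                        # xor must equal WS xor WB
```

Decrypting Y and subtracting X' recovers exactly W_S + W_B, although the seller only ever handled E(W_B); the same run shows E(1) × E(W_Bi)^(-1) decrypting to the complement bit.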
  • 37. Outline Introduction Overview of contributions Privacy threat analysis framework Anonymous buyer-seller watermarking protocols Conclusions
  • 38. Conclusions
      Privacy threats emerge
        • trust in providers
      Need balance
        • content protection (provider) & privacy protection (user)
      Privacy
        • as security, embodied value
      Build privacy in
        • goal-oriented, framework
      Content protection techniques
        • also protect privacy
      Yes, it is possible to reconcile privacy with protection of content
  • 39. List of publications
      International Journals
        • Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, and Wouter Joosen. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirement Engineering Journal special issue on Data Privacy, to appear, 27 pages, 2010.
        • Alfredo Rial, Mina Deng, Tiziano Bianchi, Alessandro Piva, and Bart Preneel. Anonymous buyer-seller watermarking protocols: formal definitions and security analysis. IEEE Transactions on Information Forensics and Security, to appear, 11 pages, 2010.
        • Mina Deng, Danny De Cock, and Bart Preneel. Towards a cross-context identity management framework in e-health. Online Information Review, international journal 33(3):422-442, 2009.
        • Mina Deng and Bart Preneel. Attacks on two buyer-seller watermarking protocols and an improvement for revocable anonymity. International Journal of Intelligent Information Technology Application, 1(2):53-64, 2008.
      Book Chapters
        • Mina Deng, Danny De Cock, and Bart Preneel. An interoperable cross-context architecture to manage distributed personal e-health information. In M. M. Cunha, R. Simoes, and A. Tavares, editors, Handbook of Research on Developments in e-Health and Telemedicine: Technological and Social Perspectives, ISBN: 978-1-61520-670-4, chapter 27, pages 576-602. Hershey, PA, USA: IGI Global, Inc., 2009.
        • Mina Deng and Bart Preneel. On secure buyer-seller watermarking protocols with revocable anonymity. In Kyeong Kang, editor, E-Commerce, ISBN: 978-953-7619-98-5, chapter 11, pages 184-202. IN-TECH Education and Publishing, Vienna, Austria, 2009.
      International conferences (Selected)
        • Mina Deng, Tiziano Bianchi, Alessandro Piva, and Bart Preneel. An efficient buyer-seller watermarking protocol based on composite signal representation. In Proceedings of the 11th ACM workshop on Multimedia and security (MMSEC), pages 9-18, Princeton, New Jersey, USA. ACM New York, NY, USA, 2009.
        • Mina Deng and Bart Preneel. On secure and anonymous buyer-seller watermarking protocol. In Abdelhamid Mellouk, Jun Bi, Guadalupe Ortiz, Dickson K. W. Chiu, and Manuela Popescu, editors, Third International Conference on Internet and Web Applications and Services (ICIW), pages 524-529, Athens, Greece. IEEE Computer Society, 2008.
        • Mina Deng, Lothar Fritsch, and Klaus Kursawe. Personal rights management – taming camera-phones for individual privacy enforcement. In George Danezis and Philippe Golle, editors, Privacy Enhancing Technologies, 6th International Workshop (PET), Revised Selected Papers, volume 4258 of Lecture Notes in Computer Science, pages 172-189, Cambridge, UK. Springer, 2006.