After mainframe and client-server computing, Cloud computing is the next computing paradigm. The main difference is that individuals and enterprises use services out of the Cloud via a web browser and share computing power and data storage. The disclosure of data from users to the software service providers of the Cloud raises privacy risks, since users cannot enforce the agreed-upon privacy policy. In this article we propose a privacy system for the ex post enforcement of a privacy policy: disclosures of personal data to third parties are observed by data provenance using digital watermarking.
Location: NII Open House 2010, National Center of Sciences, Tokyo, Japan
Prof. Dr. Isao Echizen, Dr. Sven Wohlgemuth, Prof. Dr. Günter Müller, Prof. Dr. Noboru Sonehara
National Institute of Informatics, Tokyo, Japan; University of Freiburg, Germany
Solutions for Coping with Privacy and Usability
- Privacy-compliant Disclosure of Personal Data to Third Parties -
Contact: Dr. Sven WOHLGEMUTH – DAAD Postdoctoral Scholar at the Digital Content and Media Sciences Research Division
TEL: 03-4212-2594 FAX: 03-3556-1916 (c/o Prof. Dr. Echizen) E-mail: wohlgemuth@nii.ac.jp WWW: www.nii.ac.jp
Cloud Computing and Disclosure of Personal Data to 3rd Parties
Service providers act as data consumers and data providers
• Some service providers (e.g. an advertisement company or an online book store) offer on premise large databases and runtime environments with an application framework
• Services of cloud users run on the service providers' environment
• Privacy promise: service providers handle personal data according to the agreed-upon privacy policy
• Cloud users cannot enforce policy-compliant disclosure to 3rd parties
• The Cloud is a black box
Safety of Data or Liveness of Services
Controllable Disclosure of Personal Data by DETECTIVE
Identity Management and Disclosure to 3rd Parties
• Privacy by non-linkable credentials
• All credentials and pseudonyms are based on a secret key
• All-or-nothing delegation leads to loss of control
Digital Watermarking and Disclosure to 3rd Parties
• Copyright protection by labeling digital content
• Symmetric watermarking scheme: both service providers get the same watermark, so the last data provider cannot be distinguished
Evaluation: Proof-of-concept implementation for medical services with electronic health records (x-ray images)
DETECTIVE: Protocols for Data Provenance
• Ex-post enforcement of obligations by identifying the last data provider
• Linking the identities of data provider and consumer to the disclosure by cryptographic commitments and digital watermarking
• Verification by an auditor, who holds the delegated rights as watermarking key
[Figure: Disclosure of personal data to third parties. A user (patient P) who needs medical help discloses an x-ray image to a service provider for therapy; the data then flows from the local clinic to an advertiser, a clinic abroad and a pharmaceutical company. Each service provider acts as DC/DP and can aggregate profiles (1+2+…, "Big Brother"). Sample personal data shown: a driving licence. Legend: DP = data provider, DC = data consumer, d, d' = personal data. Caption: access control, but no usage control for the disclosure of personal data. Last panel: data provenance.]
Usage Control by Data Provenance
• Usage control: enforcement of usage rules (obligations)
• Data provenance: information to determine the derivation history of data
• In an audit, data provenance can be used to restore the information flow of personal data
[Figure: DETECTIVE protocols. The data provider applies a tag to the personal data before disclosing it to the data consumer; the auditor verifies the tag against data provider and data consumer. Example chain: patient (rights) → local clinic → advertiser → clinic abroad → pharmaceutical company.]
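As an added illustration of the idea behind the DETECTIVE protocols and the usage-control-by-provenance section above (this is not the poster's own protocol or code): each data provider watermarks the disclosed x-ray image with a tag that binds its identity, the data consumer's identity and a hash commitment to the data, and an auditor holding the delegated keys recovers the last disclosure in the chain local clinic → advertiser → clinic abroad. Assumptions: an HMAC stands in for the poster's watermarking scheme, a 64-pixel LSB slot carries the tag, and the image, keys and nonces are constructed sample values.

```python
import hashlib
import hmac
SLOT = 64  # pixels whose least significant bit carries the 64-bit provenance tag

def payload(pixels: bytes) -> bytes:
    # Image content with the tag slot cleared, so a commitment does not depend on the tag
    return bytes(p & 0xFE for p in pixels[:SLOT]) + pixels[SLOT:]

def commit(pixels: bytes, nonce: bytes) -> bytes:
    # Hash commitment to the disclosed data; the provider opens the nonce to the auditor
    return hashlib.sha256(nonce + payload(pixels)).digest()

def tag(key: bytes, provider: str, consumer: str, commitment: bytes) -> bytes:
    # Tag binding provider and consumer identities to the disclosure (HMAC stands in for the watermark)
    msg = f"{provider}->{consumer}|".encode() + commitment
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def embed(pixels: bytes, t: bytes) -> bytes:
    # LSB watermark: write the tag bits into the slot, overwriting any earlier tag
    bits = [(b >> (7 - i)) & 1 for b in t for i in range(8)]
    return bytes((p & 0xFE) | bit for p, bit in zip(pixels, bits)) + pixels[SLOT:]

def extract(pixels: bytes) -> bytes:
    bits = "".join(str(p & 1) for p in pixels[:SLOT])
    return int(bits, 2).to_bytes(SLOT // 8, "big")

def disclose(pixels, key, provider, consumer, nonce):
    # Data provider: commit, tag and watermark before handing the data to the consumer
    return embed(pixels, tag(key, provider, consumer, commit(pixels, nonce)))

def audit(pixels, keys, chain, nonces):
    # Auditor: recompute each claimed disclosure's tag with the delegated keys; the one present names the last provider
    found = extract(pixels)
    for provider, consumer in reversed(chain):
        expected = tag(keys[provider], provider, consumer, commit(pixels, nonces[provider]))
        if hmac.compare_digest(expected, found):
            return (provider, consumer)
    return None

# Constructed sample: a fake 256-byte x-ray image and the poster's disclosure chain
IMAGE = bytes(range(256))
KEYS = {"local clinic": b"key-clinic", "advertiser": b"key-advertiser"}
NONCES = {"local clinic": b"nonce-1", "advertiser": b"nonce-2"}
CHAIN = [("local clinic", "advertiser"), ("advertiser", "clinic abroad")]

def run_chain(image=IMAGE):
    d = image
    for provider, consumer in CHAIN:
        d = disclose(d, KEYS[provider], provider, consumer, NONCES[provider])
    return d
```

Because a later tag overwrites the earlier one in the slot, the audit identifies only the last data provider, which is exactly the ex-post property the poster aims for.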