Digital and information infrastructures are the new business layers for interacting with consumers as part of regulatory requirements. How secure are these systems? How do businesses connect with these infrastructures to provide over-the-top services to citizens/consumers/users?
2. What is this talk about?
Introduction to Digital Infrastructure (5 minutes).
Use of Crypto in Digital Infrastructures (20 minutes).
Relationship between Crypto and Consent (15 minutes).
20. Why is Crypto important?
1. Whoever controls the data is the owner of the data.
2. Where data is stored is irrelevant if control is yours.
3. Unlike “physical things”, in information infrastructures control, storage and ownership are “different things”.
21. Dis-trust is an Emergent Property
Diagram: Distrust as the emergent property of Control, Storage and Ownership.
27. OSS and Information Infra-Stacks
Crypto protocols are OSS.
Storage protocols are OSS (S3, block storage, NFS, Ceph, GlusterFS, ZFS, LVM).
Storage services (DynamoDB, Cassandra, etc.).
So how do digital infrastructures make money? Efficiency, Optionality and Trust (provided by Crypto).
29. But I want to “Share Information”
Sharing information means you technically “lose control” of it.
The fiction of consent is then created by legal principles and through policy.
Multiple schemes exist that allow limited sharing, but with a Bring Your Own Cryptography algorithms and Bring Your Own Keys approach.
30. Property Preserving Encryption
If Plain Text (A) < Plain Text (B), then Encrypted (A) < Encrypted (B).
More generally: if Plain Text (A) OPERATOR Plain Text (B), then Encrypted (A) OPERATOR Encrypted (B).
Leaks some information (the relation it preserves) and is vulnerable to repeated queries.
Combined with a transformation that applies anonymization, it offers better protection.
31. PPE Applicability
A document (X) can be thought of as having “N” fields: Secret ID, Name, Date of Birth, Address.
Different PPE algorithms can be applied to different fields based on what the “Sharer” wants:
Secret ID: full encryption.
Name: no encryption.
Date of Birth: PPE that transforms it into an age number and then applies an algorithm that preserves the < and > operations.
Address: encrypt everything.
32. What PPE offers
Informational self-determination: I share not just fields but can also determine the PPE applied to some fields.
Composable with other anonymization functions: PPE(T(X)).
Allows T(X) to be built for fields which can be normalized to PPE fields.
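The per-field policy of slides 30 to 32 worked through in Python, as an added example that is not part of the slide deck: a Date of Birth is normalized to an age (T(X)) and then passed through an order-preserving map, while Secret ID and Address get randomized full encryption. The key, field names and records are constructed for the example; the order-preserving map and stream cipher are illustrative constructions, chosen to make the preserved relation and its leakage visible, not production algorithms.

```python
import hashlib, hmac, os
from datetime import date

MAX_AGE = 150  # bounded plaintext domain for the order-preserving map

def prf(key: bytes, msg: bytes) -> int:
    """Keyed pseudo-random integer from HMAC-SHA256."""
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def ope_encrypt(key: bytes, x: int) -> int:
    """Illustrative order-preserving encryption: c(x) is a running sum of
    key-derived positive gaps, so x < y implies c(x) < c(y). It is
    deterministic, so equal ages give equal ciphertexts (the leakage)."""
    if not 0 <= x <= MAX_AGE:
        raise ValueError("age outside the OPE domain")
    return sum(1 + prf(key, b"ope:%d" % i) % 10_000 for i in range(x + 1))

def full_encrypt(key: bytes, plaintext: str) -> bytes:
    """Illustrative randomized stream cipher (SHA-256 counter keystream under a
    fresh nonce): preserves no relation between plaintexts at all."""
    nonce, data = os.urandom(16), plaintext.encode()
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def dob_to_age(dob: str, today: date) -> int:
    """T(X): normalize a Date of Birth to an age number (completed years)."""
    born = date.fromisoformat(dob)
    return today.year - born.year - ((today.month, today.day) < (born.month, born.day))

def share(doc: dict, key: bytes, today: date) -> dict:
    """Per-field policy chosen by the Sharer: what each field may leak."""
    return {
        "secret_id": full_encrypt(key, doc["secret_id"]),            # full encryption
        "name": doc["name"],                                          # no encryption
        "age_ope": ope_encrypt(key, dob_to_age(doc["dob"], today)),   # PPE(T(X))
        "address": full_encrypt(key, doc["address"]),                 # encrypt everything
    }

def older_than(shared_a: dict, shared_b: dict) -> bool:
    """A recipient without the key can still order records by age."""
    return shared_a["age_ope"] > shared_b["age_ope"]
KEY = b"constructed-demo-key"  # constructed; never reuse a hard-coded key
TODAY = date(2024, 6, 1)       # fixed so the example is reproducible
RECORDS = [                    # constructed sample documents
    {"secret_id": "ID-001", "name": "Asha", "dob": "1980-03-15", "address": "1 Main St"},
    {"secret_id": "ID-002", "name": "Ravi", "dob": "1995-11-02", "address": "2 Side Rd"},
    {"secret_id": "ID-003", "name": "Mei", "dob": "1980-01-30", "address": "3 Hill Ln"},
]
SHARED = [share(r, KEY, TODAY) for r in RECORDS]
```

Asha and Mei share the same age, so their `age_ope` values collide: this is the equality and ordering leak a recipient can exploit with repeated queries, which is why the slides pair PPE with an anonymizing transform.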
35. Differential Privacy
Strong mathematical foundation that allows balancing utility and privacy, and guarantees:
No access to raw data.
Resilience to post-processing.
Resilience to de-anonymization techniques via constant querying.
Allows aggregation but evades statistical inference about individuals.
36. ε-differential privacy
An inference released from a statistical database should not compromise the individual’s privacy.
A perfect privacy score would only be possible when the individual’s data is not in the DB.
Goal of Differential Privacy: roughly the same privacy to the individual as if their data were not in the DB.