Digital and information infrastructures are the new business layers to interact with consumers as part of regulatory requirements. How secure are these systems? How do businesses connect with these infrastructures to provide over-the-top services to citizens/consumers/users?

1. Consent,
Crypto and
Information
Infrastructures

2. What this talk is about?
Introduction to Digital
Infrastructure. (5 Minutes)
Use of Crypto in Digital
Infrastructures (20 Minutes).
Relationship between Crypto and
Consent. (15 Minutes)

3. Introduction to
Digital
Infrastructure

4. Physical
Infrastructure

5. Financial Infrastructure

6. Digital Infrastructure
 Infrastructure as a Service (IaaS)
 Software as a Service (SaaS)
 Platform as a Service (PaaS)

7. “
”
Digital Infrastructures are
Information processing
Infrastructures.

8. Atomic Operations in Data-Verse
Store
AnalyseCreate

9. Use of Crypto
in Digital
Infrastructures

10. First came the Data Storage

11. Then came the Processing

12. And then you bring your data

13. Atomic Operations in Data-Verse
Store
AnalyseCreate
S3EBS
EC2 Compute

14. AWS Revenues
Year Revenue Loss
2006 $20M $13M
2008 $60M $8M

15. Bring Your Own Keys
*5 Years later after S3

16. EBS Encryption
*6 Years later after EBS Announcement

17. Full Fledged Key Management

18. Bring your own Keys

19. Atomic Operations in Data-Verse
Crypto
Analyse
StoreCreate

20. Why is Crypto important?
Whoever controls the data is
the owner of the data.
1
Where data is stored is
irrelevant if control is yours.
2
Unlike “physical things, in
information infrastructures,
control, storage and
ownership are “different
things”
3

21. Dis-trust is an Emergent Property
Distrust
Control
StorageOwnership

22. Crypto Can mediate Trust
CRYPTO
Control
StorageOwnership

23. Crypto Key
management
used to be hard
problem

24. But not anymore

25. Everyone manages their own Keys

26. And 100s of
them every
single day

27. OSS and Information Infra-Stacks
 Crypto Protocols are OSS.
 Storage Protocols are OSS. (S3, Block Storage, NFS, Ceph, Gluster FS, ZFS, LVM)
 Storage Services (DynamoDB, Cassandra etc.)
 So how do Digital infrastructures make money? – Efficiency, Optionality and Trust
(provided by Crypto)

28. Public Locker

29. But I want to
”Share
Information”
Sharing Information means you “lose control” of it
technically.
The fiction of consent is then created by Legal
principles and through policy.
Multiple schemes exist that allow Limited sharing
but with Bring your own Cryptography algorithms
and Bring your own keys approach.

30. Property Preserving
Encryption
 If Plain Text (A) < Plain Text (B), then
 Encrypted (A) < Encrypted (B).
 If Plain Text(A) OPERATOR Plain Text (B)
 Encrypted (A) OPERATOR Encrypted (B)
 Leaks some information and is vulnerable to
repeated queries.
 Combined with transformation to apply
anonymization offers better protection

31. PPE Applicability
 A Document (X) can be thought of to have “N” Fields
 Secret ID
 Name
 Date of Birth
 Address
 Different PPE algorithms can be applied to different fields based on what the “Sharer”
wants to.
 Secret ID (Full encryption)
 Name (No Encryption)
 Date of Birth (PPE that transforms into Age number and then applies algorithm that preserves
< and > operations)
 Address (Encrypt everything)

32. What PPE
offers
Informational self-
determination.
I share not just
fields but can also
determine the PPE
on some fields.
Composable with
Other
Anonymization
functions –
PPE(T(X))
Allows T(X) to be
built for fields
which can be
normalized to PPE
fields

33. Extraction attacks on PPE

34. Extraction attacks on PPE

35. Differential Privacy
 Strong Mathematical foundation that allows balancing
utility and privacy and guarantees
 No access to raw data.
 Resilience to post-processing.
 Resilience to de-anonymization techniques via constant
querying.
 Allows aggregation but evades statistical inference.

36. ε-differential privacy
 An inference is released from a statistical database and it
should not compromise the individual’s privacy.
 A perfect privacy score would only be possible when the
individual’s data is not in the DB.
 Goal of Differential Privacy = Roughly same privacy to
individual as if their data is not in the DB.

37. Multiple
successful
real-world
cases
Windows Telemetry
Linked-in Advertiser queries
US Census for commuting
patterns.

38. Case Study: US Census Bureau

40. Privacy Pie
Crypto Key
Management
Storage
Management
Privacy Services
Utility Layers

41. Why is
Consent
broken?

42. How not to
break
Consent?