Compu4ng Privacy Requirements

Size: px

Start display at page:

Download "Compu4ng Privacy Requirements"

Randolph Farmer
3 years ago
Views:

1 Security Requirements Security in Compu4ng, Chapters 1 & Topics What are the key requirements to implement a secure system? Privacy Anonymity Authen4ca4on & Authorisa4on Integrity Audit 2

2 Privacy A state of being free from being observed or disturbed by others A core requirement of a secure system is to protect privacy Privacy issues predate computers and are mo4vated by fundamental human rights People and socie4es differ on what they consider what data should be private With computers and modern media, once privacy is transgressed, it can be difficult to reverse unless you are able to act fast Prior to computers, publicly available data was rarely accessed due to the difficul4es in searching it You can now use Google to achieve what could have been a life4mes work... Access to informa4on about you needs to be carefully considered since it is virtually impossible to remove it once it is released Cross referencing different data sources allows you to build a detailed picture of an individual 3 Privacy & Society There is much debate as to the level of privacy one should be allowed in society, for example compare privacy laws of U.S. versus E.U. E.U. - data about you is private to you and the selling of this data is restricted U.S. - data a business collects about you belongs to the company and may be freely sold on The most obvious effect is direct marke4ng approaches. Less obvious un4l recently is the ques4on of what is acceptable behaviour of government security agencies. The level of privacy afforded to an individual in a society owen defines how liberal the society is Many repressive regimes collect data on their popula4ons with a view to controlling them in some way, either by force or thought (the media...) 4

3 Privacy - The Data Protec4on Act The Data Protec4on Act is designed to protect your privacy and enforce how organisa4ons handle informa4on rela4ng to you. There are eight data protec4on principles: Data should be fairly and lawfully obtained It should be held only for a specific and lawful purpose The data should be relevant to the task and not excessive for those purposes It should be accurate and up- to- date It should not be kept for longer than necessary It should be processed in accordance with the rights of the person to whom the data refers It should be kept securely to ensure it is not misused It should not be transferred out of the European Economic Area unless the des4na4on has an adequate level of data protec4on. See BCS hap:// 5 Privacy Do you think data concerning your browsing habits are important? Do you mind businesses data mining your web ac4vi4es? Phorm is a system embedded at ISP level and intercepts data packets, watching users browsing behaviour and injec4ng adverts (or other data) into the hap stream Capable of changing content sent by a site and replacing it with own data At present this is aimed at targeted adver4sing but where will this go? Google openly admits collec4ng and analysing your data with a view to selling you on to adver4sers and other interested par4es. As we have seen, analysis of meta- data about a users ac4vi4es and the groups they interact with can be very informa4ve 6

4 Anonymity - to be nameless Anonymity protects privacy since although you may know facts about a person, it is harder to cause harm if you do not know who they are. Phorm s defense is that users are anonymous Anonymity has many benefits Removes bias secret ballots, double blind trials/reviews Whistleblowers can reveal details with less fear of reprisal (although it is owen easy to work out who they must be based on what they have revealed) Removes barriers to interac4on with untrusted par4es encouraging people to get involved/inves4gate/ contribute if they are not traceable This can be both good and bad - e.g. discussion forums, wikis What about payment and delivery if you are anonymous convenient but easy to defraud or exploit 7 Pseudonymity The most common form of avoiding problems of anonymous iden4ty is a pseudonym An en4ty people recognise as being associated with you, that is not actually you People/organisa4ons can regularly interact with your pseudonym without you giving away informa4on that 4es your pseudonym to your actual iden4ty or loca4on (mostly...) Allows an individual to change their pseudo iden44es with rela4ve ease Not so easy if you have used your real name... 8

5 Issues with Anonymity Commercial Anonymity Swiss Bank Accounts What I buy is up to me... What if it is explosives? Medical Anonymity My medical condi4ons are my business? What if someone finds out you need treatment Posi4ves & Nega4ves Posi4ve Whistleblowers Discussions Nega4ve Aaacker can hide iden4ty Discussions... 9 Authen4ca4on & Authorisa4on Who are you and what are you allowed access to? Authen4ca4on is the process of iden4fying an individual as being genuine and not an impostor Systems frequently aaempt authen4ca4on by checking something a user: Knows Has Is Password, PIN, Date of birth??? Card, key, uniform, badge Face, fingerprint, iris scan A system is more secure if it combines two or more of these factors for authen4ca4on 10

6 Authorisa4on Authorisa4on is concerned with what a user is allowed to do If we accept that they are who they say they are, now we must restrict what they can do OWen this is to protect the systems they are working on Some4mes it is to protect them from themselves User access levels on Windows... Typical levels on a computer User Create files in their own space, view local documents, cannot install sowware Manager Edit documents in project workspaces Administrator Install sowware, configure printers, manage accounts Military systems can have many informa4on access levels Public, restricted, secret, top secret etc. Problems can occur when a User needs access to part of data only a Manager can see Clever users can piece together segments of authorised accessible data to infer data they cannot directly see by crea4ng crawed queries where only one individual is returned 11 Integrity Integrity is concerned with ensuring that informa4on is genuine Has the data or the system maintaining it been tampered with (e.g. a website) Data which has maintained integrity is not necessarily an accurate reflec4on of the real world, it just reflects what was recorded Undermining the integrity of informa4on can have drama4c effects Aaempts can be made to lure you to a fake site phishing What if you cannot tell the difference between real and fake? Would you use either? Uncertainty or loss of confidence in the value of something is damaging Stock prices, criminal records, vehicle details, credit scores... 12

7 Integrity 13 Integrity Web based media is very powerful, rapidly reaching an audience of millions The poten4al damage caused by manipula4ng the truth (e.g. a video clip) is high Once achieved, it is very hard to undo this deceit Accountability acts as an insurance policy for data integrity It involves keeping a log of relevant events, who carried them out and when By keeping a careful audit trail, it should be possible to observe any change to data and iden4fy the person responsible for the change Data can be rolled back to original values Person can be ques4oned and the trail followed further Audi4ng and version control occurs in large sowware development projects CVS, Subversion 14

8 Audit & Forensics Audit is the ability to conduct a methodical and thorough review of a system Audi4ng processes rely on logging and recording ac4ons of the system and users For example, login/out, remote connec4ons, service start/stop... Audit may prevent an aaack if it dissuades an aaacker due to the audit trail they leave behind Skilled hackers are able to cover up their tracks by edi4ng audit logs This removes evidence of their intrusion How do you remove the audit trail of you edi4ng the audit trail? Without proper audit processes in place, it is very difficult to trace an aaack and work out what damage may have been done and by whom Forensics iden4fying what happened, how, when and why relies on good audi4ng processes It is hard to solve a puzzle when you don t have all the pieces 15 Summary We have looked at the core requirements for a secure system : Privacy Relevant anonymity Authen4ca4on Authorisa4on Integrity Audit This module will look at examples of subver4ng these requirements and relevant methods for mee4ng them 16

The Billion Dollar Product Online Privacy. Rui Miguel Feio Security Lead RSM Partners

The Billion Dollar Product Online Privacy Rui Miguel Feio Security Lead RSM Partners Agenda Introduc.on Free online services Nothing in life is for free Paid online web services How do they do it? Risks