Private Information Protection based on UserTrusted Program

About This Presentation

Title:

Private Information Protection based on UserTrusted Program

Description:

photo print. book sales. tourism info. creditcard for the payment. How is it used ? situations ... Service provider shows a process of private information use ... – PowerPoint PPT presentation

Number of Views:44

Avg rating:3.0/5.0

Slides: 17

Provided by: kenichit

Category:

more less

Transcript and Presenter's Notes

Title: Private Information Protection based on UserTrusted Program

1
Private Information Protectionbased on
User-Trusted Program

Institute of Systems and Information
Engineering/KYUSHU
Kenichi Takahashi

2
Introduction

Wide spread of network environments
e.g. cellular phone, wireless communication
devices, refrigerator, television, etc...
Hot Sport services at airports, shops

3
What can we do ?
photo print book sales tourism info
situations
How is it used ?
creditcard for the payment
4
Related works

Symmetric-key, public-key, zero-knowledge
algorithms, etc
Digital signature, public-key infrastructure, etc
The Platform for Private Preference
defines a standard format to express privacy
policy
User agent can automate decision-making based on
it
Enterprise Privacy Authorization Language
compels employees within the organization to keep
privacy policy
To provide rights of information access based on
trustworthiness
How do we compute trustworthiness?
Does not make sure to prevent illegal information
use

5
A way of information check
check program
private information
user
service provider
6
Ways of information check
7
Public, private zone model

We proposed public and private zone model
which aims to realize user can protect own
information by himself
User and service providers are defined as agent
Public zone is a space for dynamic service use
and for executing trusted program
Private zone is a space for protecting private
information
Security barrier is defined between public and
private zone

8
The overview of our model
From other agents
To other agents
public policy
interaction
Agent
client program attributes
public zone
get
public policies
client program
access check
security barrier
private zone
register
privacy policies
9
Public zone

realizes dynamic service use
Service client program service program
Client program is executed by users
Service program is executed by the service
provider
Public policy client program attributes

public zone
public zone
security barrier
service program
3. communicate
2. execute
client program
pair
public policy
1. get
client program attributes
user
service provider
10
Private zone

Privacy policy
permission purpose the user allows to use it
trusted_prg methods the user allows to use it

private zone
public zone
security barrier
private information
use through trusted program
client program
privacy policy
service provider
user
11
Issues

How to create trusted programs ?
How to protect trusted programs ?
How to confirm the behaviour of trusted program ?
How to protect service providers from trusted
programs ?

12
A way to create a trusted program

Our model protects private information by the
trusted program which we prepare
How to create trusted programs ?
To prepare the pattern which private information
uses
Service provider shows a process of private
information use
User extracts places where uses private
information from the process
User replace the place to his prepared pattern

payment (id, password) String p getPass
(id) if (password p) assign the
right of service use
13
Protection of the trusted program

A trusted program are executed by service
provider
The service provider can rewrite it easy
Necessary to prevent illegal program rewriting
Anti-tampering devices
Software obfuscation, mobile cryptography

anti-tampering device
trusted-prg
encrypted-prg
kp
ks
encrypted-prg
kp
trusted-prg
user
execute
result
service provider
14
Confirmation of trusted program