hommer: holistic model for minority education & research

HOMMER: Holistic Model for Minority Education & Research

“The Balancing Act”:

Accountability vs. Privacy

byDeidre W. Evans

Christy L. Chatmon

Department of Computer and Information Sciences May 5th, 2004

Overview

• Introduction

• Research Discussion– “The Balancing Act”

• Goals of Research– Security Track in Curricula– Center of Educational Excellence in

Information Assurance by NSA– Build Collaborations


Introduction

• September 11, 2001 was in part due to a lack of operational balance between privacy and accountability:– “Uncrackable encryption is allowing terrorists

to communicate about their intentions without fear of outside intrusion. They’re thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities.”

[FBI director]


Introduction

• Increase in security threats– Denial of service, worms, viruses, etc.

• Advancement in data retrieval & storage mechanisms– Data-mining, CRM, WEB Tracking

“The Balancing Act”

• Privacy/Anonymity– Controlling all information about one’s self &

personal activity– Authentication

• Passwords, PKI’s, biometrics, etc.

• Accountability/Security– Attribute actions to the user that caused those

actions


• Investigate existing methodologies:– Key Escrow

• third party retrieves cryptographic keys for data confidentiality for recovery of encrypted data

– PKIs




Anonymity Accountability

Privacy Authentication

Privacy Cyber-forensics

Free Speech Liability/Copyright

Goals of Research

• Problem: – Existing paradigms embody conflict between

security goals and privacy goals

• Goal:– Explore alternative paradigms that balances

the needs for security with the needs for personal privacy

• Develop a cryptographic infrastructure models, techniques, & tools to facilitate “privacy-balanced accountability”


Goals of Research

• FAMU CIS department recognized as a Center of Educational Excellence in Information Security by National Security Agency

• Information Security Track in CIS curricula


Goals of ResearchC isco R outer

C loud

C isco 24 P ort S w itch

C isco P ix F irewall

C isco 24 P ort S w itch

W orksta tions - O pera ting system s L inux W in2K W in98 V M W are

NT 2000 Server Solaris 9 server

NT 2003 Server with Term inal Services

Goals of Research

• Standalone Security Lab to support research & course needs– explore new paradigms for training students

about security and to foster students’ interests in security issues

• Extend collaborations with other security educators– FSU, University of Central Florida, etc.


References

[1] Carl Ellison and Bruce Schneier. Ten Risks of PKI, What You Are Not Being Told About PKI. Computer Security Journal, Vol. XVI, No. 1, 2000.[2] Donald Runsfeld. US Secretary of State, Comments to the press, Sept 12, 2001, http://www.defenselink.mil/cgi- bin/real_audio.pl?

Sep2001/DoD091201a&1000322100[3] Hosmer, C., Gordon, G., Hyde, C., Grant, T. "Cyber Forensics 2000."

Proceedings, 1st Annual Study of the State-of-the-Art in Cyber Forensics.[4] J.K. Millen and R.N. Wright. Reasoning about Trust and Insurance in a

Public Key Infrastructure. Proceedings of 13th IEEE Computer Security Foundations Workshop, IEEE Computer Society, July 2000.

[5] Jack Kelley. Terror groups hide behind Web encryption. USA Today, June 19, 2001, http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm

[6] M. Burmester, Y. Desmedt and J. Seberry. Equitable key escrow with limited time-span. Advances in Cryptology, Asiacrypt 98, LNCS 1514, Springer,

Berlin, pp. 380-391, 1998.


hommer: holistic model for minority education & research

Documents

security goals

security educatorsfsu

security issues

computer security journal

privacy bydeidre

privacy goalsgoal

existing paradigms

data confidentiality