Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken’ichi Takahashi

Post on 17-Jan-2016


Page 1:

Private Information Protection based on User-Trusted Program

Institute of Systems and Information Engineering/KYUSHU

Ken’ichi Takahashi

Page 2:

Introduction

- Widespread network environments
  - e.g. cellular phones, wireless communication devices, refrigerators, televisions, etc.
- Hot spot services at airports, shops
- Ubiquitous computing environment

Page 3:

What can we do?

- photo print
- book sales
- tourism info
- credit card for the payment

How is it used?

situations

Page 4:

Related works

- Symmetric-key, public-key, zero-knowledge algorithms, etc.
- Digital signature, public-key infrastructure, etc.
- The Platform for Privacy Preferences
  - defines a standard format to express privacy policy
  - User agent can automate decision-making based on it
- Enterprise Privacy Authorization Language
  - compels employees within the organization to keep privacy policy
- To provide rights of information access based on trustworthiness
  - How do we compute trustworthiness?
- Does not ensure that illegal information use is prevented

Page 5:

A way of information check

[Figure. Labels: user, private information, service provider, check program, input, result]

Page 6:

Ways of information check

[Figure with four panels: (a) check by a service provider; (b) prepare trusted third parties; (c) check by a user; (d) check by a trusted program. Labels: user, service provider, trusted third party, private information, check prg, trusted prg, input, release, convert]

Page 7:

Public, private zone model

- We proposed the public and private zone model, which aims to let a user protect his own information by himself
- Users and service providers are defined as agents
- Public zone: a space for dynamic service use and for executing trusted programs
- Private zone: a space for protecting private information
- Security barrier: defined between the public and private zones

Page 8:

The overview of our model

[Figure: an agent with a public zone and a private zone separated by a security barrier. Labels: public policies (client program + attributes), privacy policies, privacy information, private services, client program, service program, register, get public policy, interaction, access check, to other agents, from other agents]

Page 9:

Public zone realizes dynamic service use

- Service = client program + service program
  - Client program: executed by users
  - Service program: executed by the service provider
- Public policy = client program + attributes

[Figure: a user and a service provider, each with a public zone and a security barrier. Labels: public policy (client program + attributes), client program, service program, pair. Steps: 1. get, 2. execute, 3. communicate]

Page 10:

Private zone

Privacy policy

- permission: purposes for which the user allows it to be used
- trusted_prg: methods by which the user allows it to be used

[Figure: a user's private zone (private information, privacy policy) behind a security barrier, a client program in the public zone, and a service provider. Labels: usage: purpose of use; process: methods to use; permission ?; trusted_prg ?; trusted program, created from process and trusted_prg; send private info; send; use through trusted program]

Page 11:

Issues

- How to create trusted programs?
- How to protect trusted programs?
- How to confirm the behaviour of a trusted program?
- How to protect service providers from trusted programs?

Page 12:

A way to create a trusted program

- Our model protects private information by the trusted program which we prepare
- How to create trusted programs?
  - Prepare the pattern in which private information is used
  - The service provider shows a process of private information use
  - The user extracts the places where private information is used from the process
  - The user replaces those places with his prepared pattern

    // Process of private information use: compares the plaintext password
    void payment(String id, String password) {
        String p = getPass(id);
        if (password.equals(p)) {
            // assign the right of service use
        }
    }

    // After replacement with the prepared pattern: compares hashes instead
    void payment(String id, String hashedPassword) {
        String p = getPass(id);
        if (hashedPassword.equals(hash(p))) {
            // give the right of service use
        }
    }
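
The policy check from the Private zone slide and the hashed-password pattern above, combined in an added Python sketch (not code from the original slides). The names security_barrier, Declaration, PASSWORD_DB and the process name "password-check" are assumptions, SHA-256 stands in for the slide's unspecified hash, and the trusted program is reduced to the user-prepared pattern applied at the barrier.

```python
import hashlib
import hmac
from dataclasses import dataclass


def h(value: str) -> str:
    """Stand-in for the slide's hash(); SHA-256 is an assumption."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class PrivacyPolicy:           # held in the private zone
    permission: frozenset      # purposes the user allows
    trusted_prg: dict          # process name -> user-prepared pattern


@dataclass(frozen=True)
class Declaration:             # shown by the service provider
    usage: str                 # purpose of use
    process: str               # method of use


def security_barrier(private_info, policy, decl):
    """Only the output of a user-trusted pattern leaves the private zone."""
    if decl.usage not in policy.permission:
        raise PermissionError(f"usage {decl.usage!r} not permitted")
    pattern = policy.trusted_prg.get(decl.process)
    if pattern is None:
        raise PermissionError(f"no trusted program for {decl.process!r}")
    return pattern(private_info)


# Service provider side (constructed sample data).
PASSWORD_DB = {"alice": "constructed-sample-password"}


def payment(user_id: str, hashed_password: str) -> bool:
    """Converted process from the slide: compares hashes, not plaintext."""
    p = PASSWORD_DB.get(user_id)
    return p is not None and hmac.compare_digest(hashed_password, h(p))


# User side: payment is allowed, and only through the hashing pattern.
POLICY = PrivacyPolicy(frozenset({"payment"}), {"password-check": h})


def pay(user_id: str, password: str, decl: Declaration) -> bool:
    return payment(user_id, security_barrier(password, POLICY, decl))
```

The bare hash that crosses the barrier is still accepted by payment() on its own, so this pattern only keeps the plaintext away from the provider's process.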

Page 13:

Protection of the trusted program

- A trusted program is executed by the service provider
  - The service provider can easily rewrite it
- Necessary to prevent illegal program rewriting
  - Anti-tampering devices
  - Software obfuscation, mobile cryptography

[Figure. Labels: user, service provider, anti-tampering device, trusted-prg, encrypted-prg, kp, ks, execute, result]

Page 14:

Confirmation of trusted program

- The service provider checks private information by a trusted program
  - Does the trusted program actually check it?

Protection of service provider

- There is some possibility of a trusted program acting as malware
- Necessary to restrict trusted program behaviours

Page 15:

Conclusion

- We proposed the basic model for private information protection
  - Our model protects private information by the user's trusted program
  - The user can protect private information on his own responsibility
- But some issues remain
  - Difficult to solve these issues
  - But these are interesting challenges

Page 16:

Thank you for your attention