Private Information Protection based on User-Trusted Program
Institute of Systems and Information Engineering/KYUSHU
Ken’ichi Takahashi
Introduction
- Wide spread of network environments
  - e.g. cellular phones, wireless communication devices, refrigerators, televisions, etc.
  - Hot Spot services at airports, shops
- Ubiquitous computing environment
What can we do?
[Figure labels: photo print, book sales, tourism info, credit card for the payment, "How is it used?", situations]
Related works
- Symmetric-key, public-key, zero-knowledge algorithms, etc.
- Digital signature, public-key infrastructure, etc.
- The Platform for Privacy Preferences
  - defines a standard format to express privacy policy
  - User agent can automate decision-making based on it
- Enterprise Privacy Authorization Language
  - compels employees within the organization to keep the privacy policy
- To provide rights of information access based on trustworthiness
  - How do we compute trustworthiness?
- Does not ensure that illegal information use is prevented
A way of information check
[Figure labels: user, private information, service provider, check program, input, result]
Ways of information check
[Figure, four panels: (a) check by a service provider; (b) prepare trusted third parties; (c) check by a user; (d) check by a trusted program. Labels: user, private information, service provider, check prg, trusted third party, trusted prg, input, release, convert]
Public, private zone model
- We proposed the public and private zone model, which aims to let a user protect his own information by himself
  - User and service providers are defined as agents
  - Public zone: a space for dynamic service use and for executing trusted programs
  - Private zone: a space for protecting private information
  - Security barrier: defined between the public and private zones
The overview of our model
[Figure: an agent with a public zone and a private zone separated by a security barrier. Labels: public policies, privacy policies, public policy (client program + attributes), client program, service program, private services, privacy information, get, register, interaction, access check, to other agents, from other agents]
Public zone
- Realizes dynamic service use
- Service = client program + service program
  - Client program: is executed by users
  - Service program: is executed by the service provider
- Public policy = client program + attributes
[Figure: the user's public zone and the service provider's public zone, with the security barrier; the client program and the service program form a pair. Steps: 1. get (public policy: client program + attributes), 2. execute, 3. communicate]
Private zone
- Privacy policy
  - permission: purpose the user allows to use it
  - trusted_prg: methods the user allows to use it
[Figure: user (client program, security barrier, private zone holding private information and privacy policy) and service provider (public zone). Labels: usage: purpose of use; process: methods to use; permission?; trusted_prg?; trusted program, created from process and trusted_prg; send private info; send; use through trusted program]
Issues
- How to create trusted programs?
- How to protect trusted programs?
- How to confirm the behaviour of the trusted program?
- How to protect service providers from trusted programs?
A way to create a trusted program
- Our model protects private information by the trusted program which we prepare
- How to create trusted programs?
  - Prepare patterns for the ways private information is used
  - The service provider shows a process of private information use
  - The user extracts from the process the places where private information is used
  - The user replaces those places with his prepared pattern

    // Process shown by the service provider (pseudocode)
    payment (id, password) {
        String p = getPass (id);
        if (password == p) {
            // assign the right of service use
        }
    }

    // After the user replaces the place with his prepared pattern (pseudocode)
    payment (id, hashed-password) {
        String p = getPass (id);
        if (hashed-password == hash (p)) {
            // give the right of service use
        }
    }
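The pattern replacement above, combined with the permission / trusted_prg check from the private zone slide, as an added Python example that is not part of the original slides. The policy layout, the function names `release` and `payment_trusted`, the process name `hashed-compare`, the use of SHA-256 and the sample account are all assumptions.

```python
import hashlib
import hmac

# Constructed sample data; every name here is hypothetical.
PRIVATE_INFO = {"password": "correct horse battery"}   # never leaves the private zone
PRIVACY_POLICY = {
    "password": {
        "permission": {"payment"},          # purposes the user allows
        "trusted_prg": {"hashed-compare"},  # methods the user allows
    }
}
PROVIDER_DB = {"alice": "correct horse battery"}       # what getPass(id) reads


def hash_pw(p: str) -> str:
    """The user's prepared pattern: hash(p). SHA-256 is an assumption."""
    return hashlib.sha256(p.encode("utf-8")).hexdigest()


def release(item: str, usage: str, process: str):
    """Access check at the security barrier.

    The provider declares usage (purpose) and process (method); the value
    crosses the barrier only if both match the user's privacy policy, and
    then only in the converted (hashed) form.
    """
    policy = PRIVACY_POLICY.get(item)
    if policy is None:
        return None
    if usage not in policy["permission"] or process not in policy["trusted_prg"]:
        return None
    return hash_pw(PRIVATE_INFO[item])


def get_pass(user_id: str) -> str:
    return PROVIDER_DB[user_id]


def payment_trusted(user_id: str, hashed_password: str) -> bool:
    """Trusted program run by the provider: the plaintext comparison is
    replaced by a comparison of hashes, done in constant time."""
    p = get_pass(user_id)
    return hmac.compare_digest(hashed_password, hash_pw(p))


if __name__ == "__main__":
    token = release("password", "payment", "hashed-compare")
    print("payment accepted:", payment_trusted("alice", token))
    print("marketing request:", release("password", "marketing", "hashed-compare"))
    print("plaintext method:", release("password", "payment", "plaintext-compare"))
```

The released hash is itself accepted as the credential by this provider, so the pattern keeps the plaintext inside the private zone but does not by itself stop replay of the hash.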
Protection of the trusted program
- A trusted program is executed by the service provider
  - The service provider can rewrite it easily
- Necessary to prevent illegal program rewriting
  - Anti-tampering devices
  - Software obfuscation, mobile cryptography
[Figure labels: anti-tampering device, ks, kp, trusted-prg, encrypted-prg, service provider, user, execute, result]
Confirmation of trusted program
- The service provider checks private information by a trusted program
  - Does the trusted program actually check it?

Protection of service provider
- There is some possibility of a trusted program acting as malware
  - Necessary to restrict trusted program behaviours
Conclusion
- We proposed the basic model for private information protection
  - Our model protects private information by the user's trusted program
  - The user can protect private information on his own responsibility
- But some issues remain
  - Difficult to solve these issues
  - But these are interesting challenges
Thank you for your attention