Notes Seduction by Technology: Why Consumers Opt Out of Privacy ...
Security, Privacy, and Trust · · 2012-04-18Select a topic and study it Write a short report...
Transcript of Security, Privacy, and Trust · · 2012-04-18Select a topic and study it Write a short report...
Seminar 4 CP, summer term 2012
Florian Volk [email protected]
based on last year‘s slides from Dr. Leonardo Martucci
Security, Privacy, and Trust
What? Read and analyze current scientific
publications
Topics: Security, Privacy, Trust
Florian Volk, Telekooperation 2
General Information
How? Select a topic and study it
Write a short report
Review other reports
Present your report
Who? BSc, MSc and Diploma students from Computer Science
Electrical Engineering
and related areas
Florian Volk, Telekooperation 3
General Information
Why? Introduction to a resarch area
Learn to read and analyze scientific material
Present your evaluation
When? April 17 (today) Introduction Topic Presentation Tutorial: Working with Literature
April 24 Topic Selection
June 10 First version of your report (for the review)
June 17 Deliverable of the reviews
July 01 Final version of your report
July 05 (13:00) Presentation of your work
Meetings with your advisor (optional)
Language? English or German Also depends on advisor
1. Pick a topic, read the provided literature
and find more literature
2. Write an overview or state-of-the-art report
3. Peer-Review process
Your report will be reviewed by a colleague (and by your advisor)
You will review a colleague‘s report
4. Correct your report following the reviewer‘s
comments
5. Give a presentation on your report
Florian Volk, Telekooperation 4
5 Steps to Success
Read
Literature
Write Report
Peer review
Correct Report
Presentation
enough
Yes
No
You get 4 graded credit points for Your report: 4-5 pages (max!) IEEE transactions style paper
Your participation in the review: both active and passive
Your presentation: 15 minutes + discussion
Florian Volk, Telekooperation 5
Evaluation and Grading
You need to pass all parts!
60 %
Report
15 %
Review
25 %
Presentation
4 CP Seminar with topics on Security, Privacy, and Trust
Deadlines Topic Selection: April 24
Report‘s 1st version: June 10
Review: June 17
Report‘s final version: July 01
Presentation: July 05
Florian Volk, Telekooperation 6
At a Glance
www.tk.informatik.tu-darmstadt.de/ de/teaching/sommersemester-2012/ seminar-telekooperation-s3/ [email protected]
8
How to gossip via Face Book?
Online Social networks are popular and helpful to stay in contact
with buddies, yet they do bear some risks in terms of privacy
You want to share with your (some) friends,
but not with the provider?
You want to share with mankind,
but not with robokind?
You want to gossip?
Goal: Survey on current soft security add ons for social networks
9
History: Privacy Paradigms
Privacy is a soft term and cannot be translated
into math directly. Paradigms can help to
describe the translation process.
Privacy as confidentiality
My privacy is preserved if my
sensitive data is not leaked
Privacy as control
My privacy is preserved if I can
control to whom I release it
Privacy as praxis
My privacy is preserved if I know
what happens to my data
Goal: Comparison and Background of
these paradigms
10
Smart Grids: Enhancing Privacy
Smart Grids: modernization of electrical systems enhances users’ monitor, control and prediction
BUT
raises new security & privacy concerns
Different privacy strategies are now being considered: Aggregation of consumers’ data
Battery-driven approaches
Trusted-third parties
Goal: Overview of one of the aforementioned strategies
11
Comparison of methods to measure IT-Security implementation
Showing the economic benefit of IT-Security by design over post-hoc IT-Security implementation
Goal: Survey methods to measure
IT security implementation effort
Classify and compare the found methods
12
Survey: Privacy protection in WSNs
Wireless Sensor Networks (WSNs)
Many sensor devices
Even yours
Collection of sensitive data
Should not be linkable to you
Some basic approaches are known for protecting privacy:
Secure Aggregation
Calculate results close to sensor
Raw values are never disclosed
Slicing & Mixing
Slicing, garbling, exchange between nodes
Origin is never disclosed
Goal: Survey state-of-the-art mechanisms for protecting privacy in WSNs.
13
Comparison: Privacy Policy Languages
Privacy policies control the usage of data, e.g.:
What is stored? Who can access it?
And when it has to be deleted?
Several languages exist:
P3P – Privacy Preferences Project
EPAL – Enterprise Privacy Authorization Language
XACML – eXtensible Access Control Markup Language
But which one is best and what are the differences?
Goal: Search for, explain and compare privacy policy languages
14
Survey: Privacy-preserving Data Mining
Data Mining is the discipline of discovering knowledge in databases
But it is also a threat to your privacy:
Disclosure of identity
Association of sensitive attributes
Linking of records and across DBs
Very old approaches exist
But also hot topic in Cloud Computing
New solutions are hitting the surface
Goal: Overview and comparison of data mining approaches that protect privacy
15
Open focus: Private P2P Communities
Communities in Peer-2-Peer networks
Group nodes/persons by interests, e.g.:
Location = Darmstadt
Asthmatic = true
Sensitive
Dynamic network (joins and leaves) – scalability
Bazillions of interest combinations
Big challenges
How to join/leave w/o disclosing interest?
But we need control structures in P2P
How to route events w/o requiring many overlays?
No message disclosure outside community
Goal: Assess overlay & routing technologies against privacy, survey privacy for P2P communities, …
16
P2P-based Intrusion Detection
Intrusion Detection Systems (IDS) attempt to automatically detect ongoing attacks on a system/network via
Outlier detection
Pattern matching
Problems with accuracy, scalability, efficiency
Collaborative / P2P-based IDS
More effective
Sharing of resources and thus more scalable
Protection of large networks
Better view on global attack activity
Goal: Overview and comparison of P2P-based Intrusion Detection Systems
Copyright © 2008 UC Regents. all rights reserved
17
Network-based Covert Channel Attacks
Covert or hidden channel attacks
Masking traffic on its way through a network by providing confidentiality and anonymity
Stealing confidential data (e.g., bypassing IDS systems) or hiding from censorship
For example via
Making use of unused bits in IP-Header
Encoding data via inter-packet delays (sending packets in Morse code: . packet _ no packet)
Identification of covert channels
Non-Interference Analysis, Covert Flow Tree, etc.
Countermeasures
Traffic normalization, limiting packet rate, etc.
Goal: Classification of Covert Channel Attacks, strategies to discover them and countermeasures
18
Distributed Algorithms for the Smart Grid
Smart Grids to closely link energy production, energy distribution networks and consumers
Consumers as energy producers (photovoltaics, wind, water, etc.)
Current proposals rely on central authorities for coordination
→Bottlenecks and SPoFs
Distributed algorithms for the Smart Grid
Locally redistribute energy from producers to consumers
Removing bottlenecks and SPoFs
Keeping energy and data locally
Goal: Overview, classification and comparison of distributed algorithms and protocols in current proposals for the smart grid
19
From Reputation to Trust: Getting a Trust Score out of Reputation Info
Reputation models track behavior and provide information its distribution
E.g. how many 1-star, 2-star and 3-star ratings a product gets
Ranging from binary to continuous ratings
Trust models generally use a ranking criterion to compare trust scores
E.g. to find the best product
Goals:
Survey a number of existing trust models (and real-world reputation systems)
Discuss how they transfer reputation information into a trust score (e.g.by averaging)
Opinions on
Recommenders
Opinions on
Providers
INTERACT
SomeProvider, Inc
Certainty Reputation
Score
0.25 0.75
0.75
0.66
0.83
0.75
0.51
0.96
A
20
Data Mining Techniques for Trustworthiness Prediction
Data mining is an active research field in economics and information systems... How can its techniques (e.g. time series analysis) be
applied to predict how “good” a product is or how trust- worthy a seller will be?
What kind of data can be used as an input to trust computation? Indicators of trustworthiness
Implicit data, trends, etc.
Goals:
Provide an overview of different data mining techniques for prediction (e.g., show how cool linear regression can be, or neural networks, or clustering for trust prediction)
21
Reputation-based Trust: Propagation of Reputation in Distributed Systems
The reputation of an entity is what a “community” thinks of it. The common knowledge is vast!
But it is difficult to tap!]
In distributed systems, no central authority “knows it all” Reputation is mediated through who you know,
Reputation depends on who you trust.
Goals:
Provide an overview of different trust propagation mechanisms (and real-world reputation systems, or generic reputation spreading phenomena, e.g. multiplicators)
Evaluate criteria and provide a comparison (for instance by instantiating it with an example setup)
22
Survey: (Web) Service Composition
Several services can be combined to form a new service
Such compositions rise questions about the composite’s quality, reliability, …
How can this information be derived?
Goal: Classify different service compositions
and survey strategies to derive information about composites from their components
„Jennifer Aniston“
Sherman Oaks
23
The Internet of Services
The Future Internet is based on interacting services
Questions:
What is the Internet of Services?
How will it be?
Which technologies might be used?
How does it relate to the Internet of Things?
Goal: Survey literature about the Future Internet
Collect and organize answers to the above questions
Erik Wylde, University of Berkeley
1. How to gossip via Face Book (Stefan Schiffner)
2. History: Privacy Paradigms (Stefan Schiffner)
3. Smart Grids: Enhancing Privacy (Fábio Borges)
4. Comparison of methods to measure IT-Security implementation (Golriz Chehrazi)
5. Survey: Privacy protection in WSNs (Jörg Daubert)
6. Comparison: Privacy Policy Languages (Jörg Daubert)
7. Survey: Privacy-Preserving Data Mining (Jörg Daubert)
8. Open focus: Private P2P Communities (Jörg Daubert)
9. P2P-based Intrusion Detection (Mathias Fischer)
10. Network-based Covert Channel Attacks (Mathias Fischer)
11. Distributed Algorithms for the Smart Grid (Mathias Fischer)
12. From Reputation to Trust: Getting a Trust Score out of Reputation Info (Sascha Hauke)
13. Data Mining Techniques for Trustworthiness Prediction (Sascha Hauke)
14. Reputation-based Trust: Propagation of Reputation in Distributed Systems (Sascha Hauke)
15. Survey: (Web) Service Composition (Florian Volk)
16. The Internet of Services (Florian Volk)
Florian Volk, Telekooperation 25
Overview on Topics
by
Leonardo A. Martucci
Sascha Hauke
proudly presented and edited by
Florian Volk
How to work with Literature and write Scientific Material
CONTENT
What’s a scientific publication?
Finding (good) references
Correct referencing
Writing your own paper
Reviewing papers
*parts of this slide set are based on material provided by Guido Rößling
Basically a message With scientific background
Offer a new insight of a scientific problem
(solution)
OR a survey of a research field
The message is a claim That needs to be evaluated
AND validated
Leonardo Martucci - Telecooperation
What’s a scientific publication?
28
Books Surveys (mostly) about a topic
Theses Doctoral dissertations and Master theses
Very focused scientific work and finding
Articles and Papers Articles appear in Journals
Papers in Conferences, Symposia, Workshops
New findings and concepts
Leonardo Martucci - Telecooperation
How does a publication looks like?
29
Standards and RFC Define the common ground
Thoroughly reviewed
Published by a standardization body
Technical Reports A focused scientific work
White papers published by vendors
Sometimes biased
Not reviewed
Leonardo Martucci - Telecooperation
How does a publication looks like?
30
Journal Articles Quality mostly depends on the Journal
Good Journal Good Article
Sometimes articles are outdated
Conferences and Symposia Quality is usually connected to the Conference
Good Conference Good Paper
The most recent research achievements
Workshops Mostly for work in progress
Good for discussing new ideas
Leonardo Martucci - Telecooperation
Articles and Papers
31
Standards relate to a given technology ITU-T standards
ITU is the UN agency for ICT standards
ITU-T defines standards for telecom
e.g. the X series
IEEE standards
Industrial standards, including ICT
e.g. IEEE 802 standard family
IETF
Internet related standards i.e. RFC
e.g. IP addressing scheme
TCP, TLS protocols, routing
Always pay attention on the RFC status
Leonardo Martucci - Telecooperation
Standards and RFC
32
Refer back to the original source of information For others to identify the foundations of your work
Giving credit, when credit is due
Not doing so is REALLY bad practice
aka plagiarism
Grundregeln der wissenschaftlichen Ethik am Fachbereich Informatik
Leonardo Martucci - Telecooperation
References and Referencing
33
Scientific publications Articles, papers, books
Standards RFC, ITU, IEEE, W3C, etc.
+ All other non-scientific sources Surveys
Magazines
Reports
Can I reference Wikipedia?
or any other online material?
YES, but mind: not reliable (or stable) information sources
Leonardo Martucci - Telecooperation
What should I reference?
34
First, define the message Objective of your publication
define the area of research
Read the related work Define the work around your work
Finding out what has been done
Implement your idea Evaluate your idea
Validate your idea
Write your publication
Leonardo Martucci - Telecooperation
Writing a Scientific Publication
Survey the related work Evaluate differences
Identify trade-offs
35
Finding the message The most difficult part (!)
Also, the creative one
going beyond the state of the art
A message that needs science Scientific foundations + challenges
can be found in the related work
Leonardo Martucci - Telecooperation
Your Work, Your Message
!
36
Related Work? Where? For the initial literature ask a researcher in the field
it will give you a broad idea about the area
Check publication repositories
ACM Digital Lib http://portal.acm.org/portal.cfm
IEEE Xplore http://ieee.org/portal/site
Google Scholar http://scholar.google.com
Academic Search http://academic.research.microsoft.com/
Conference directories http://dblp.uni-trier.de/
Authors’ home pages
Other sources from the reference lists
REPEAT
Leonardo Martucci - Telecooperation
Related Work? Where? How?
37
Related Work ∞ Identify the relevant sources
Evaluating the importance of a publication
1. Read the abstract
2. Check the reference list
3. Read the conclusions
4. Read the rest
Related work will Compare your results against their results
Be used as input for a survey
Leonardo Martucci - Telecooperation
Related Work and Relevance
Good
Good
Good
Paper Read
Next Paper
No
Yes
Yes
Yes
38
A reference looks like this:
there are also other reference styles
Leonardo Martucci - Telecooperation
Referencing: doing it right
authors
title
how was it published (proceedings) publisher date page number
39
Complete entries using BibTeX DBLP (Uni-Trier), ACM Digital Library, etc.
In the text, you just need to use: \cite{MartucciKAP08}
Leonardo Martucci - Telecooperation
Referencing with BibTeX
@inproceedings{MartucciKAP08, author = {Leonardo A. Martucci and Markulf Kohlweiss and Christer Andersson and Andriy Panchenko}, title = {Self-certified Sybil-free pseudonyms}, booktitle = {WISEC}, year = {2008}, pages = {154-159}, ee = {http://doi.acm.org/10.1145/1352533.1352558}, crossref = {wisec/2008} } @proceedings{wisec/2008, editor = {Virgil D. Gligor and Jean-Pierre Hubaux and Radha Poovendran}, title = {Proceedings of the First ACM Conference on Wireless Network Security, WISEC 2008, Alexandria, VA, USA, March 31 - April 02, 2008}, booktitle = {WISEC}, publisher = {ACM}, year = {2008}, isbn = {978-1-59593-814-5} }
40
Always have a good paper structure Organize your ideas
Organize your papers
Define it BEFORE starting to add text
Plan the content of each section
Writing skills No one learns without doing it
General Guidelines:
Be concise
Be precise
Leonardo Martucci - Telecooperation
Structure is the Key!
42
Peer-reviews Peers review your work and verify its general quality
Evaluate the work before being published
Offer suggestions to improve the work (!)
How’s quality defined in a publication?* Novelty
Soundness
Evaluation + Validation
Completeness
Readability
Leonardo Martucci - Telecooperation
Peer-reviews
* it sometimes depends on the venue
44
What to write Positive and negative aspects of the work
Constructive criticism (if possible)
Offer suggestions to improve the paper
e.g. + literature
Suggest an overall evaluation of the work
It is NOT the reviewer’s work to correct the publication!
to point typos (unless if it is one or two)
Leonardo Martucci - Telecooperation
Writing a Review
45