Press Conference, Rome 21 Dec 2012. Pierangela Samarati, Milano University - Professor Department of Information Technologies
Security and Privacy in Emerging Aerospace Scenarios
Pierangela Samarati
Dipartimento di Tecnologie dell’Informazione
Università degli Studi di [email protected]
ESTEL Conference presentation
Rome, Italy - December 21, 2011
© Pierangela Samarati 1/14
The modern Information Society
• Computers, mobile smart devices, and space technology are at the basis of the modern Information Society for enhancing the quality of life
• Space technology in ICT:
◦ provide communications
◦ provide broadcast services
◦ deliver services (e.g., e-learning, e-health, e-commerce) to remote regions
◦ observe the Earth (e.g., environmental monitoring, urban planning, disaster management)
◦ provide time and space localization (GPS)
◦ study near-Earth space and explore the solar system and the distant universe
◦ . . .
Security in Aerospace Systems
Aerospace security
• Guaranteeing security requires protecting the aerospace infrastructure (satellites, planes, ground stations), communications, and applications, to ensure:
◦ integrity of data and resources
◦ confidentiality of information (privacy)
◦ availability (no denial of services)
Security techniques
• Some protection can be achieved by applying classical techniques, e.g.:
◦ authentication of users and devices
◦ access control
◦ firewalls
◦ antiviruses and intrusion detection systems
◦ encryption for protecting data in storage and communications
• In emerging scenarios there are new challenges, e.g.:
◦ integrity and privacy in data management
◦ privacy in location-based applications
Integrity and Privacy in Data Management
Integrity and privacy in data management
• The evolution of technologies for data management also applies to satellite and aerospace data stored and processed at base stations
• Outsourcing data and services to external servers can provide
+++ significant cost savings and service benefits
+++ higher availability and more effective disaster protection than in-house operations
=⇒ natural evolution to move to the cloud environment
• In addition to classical challenges, a major problem is:
−−− data are not under the data owner’s control
Privacy in outsourced and cloud environment
• Some data can be sensitive and cannot be known by parties other than the owner (honest-but-curious servers)
=⇒ need to identify what information is sensitive and protect it from the eyes of the storing and processing servers
◦ store and process data in encrypted form
− manage encrypted data, indexing for query execution, access control enforcement, protect confidentiality of accesses
◦ break sensitive associations by storing data in the form of non-linkable fragments
− e.g., association between an image taken by a satellite and the corresponding location data
Integrity in outsourced and cloud environment
• External lazy/malicious servers can misbehave
=⇒ data in storage can be compromised (e.g., altered data, missed updates)
◦ digital signatures
◦ authenticated data structures
=⇒ queries might not be performed properly, returning an incorrect or incomplete result
◦ authenticated data structures (e.g., Merkle tree)
◦ probabilistic approaches (e.g., data replications, marker tuples)
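
How a Merkle tree lets the data owner detect altered data returned by an external server, as an added example (not part of the original slides): the owner keeps only the root hash, and the server must return each record with a proof that hashes back to that root. The record contents, function names and the leaf/inner-node prefixes are assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(records):
    """Return all tree levels, leaves first; an odd node is paired with itself."""
    level = [h(b"\x00" + r) for r in records]          # 0x00 prefix marks a leaf
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [h(b"\x01" + level[i] + level[i + 1])  # 0x01 marks an inner node
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    """Server side: sibling hashes on the path from leaf `index` to the root."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))  # (hash, sibling_is_left)
        index //= 2
    return proof

def verify(root, record, proof):
    """Owner side: recompute the root from the returned record and its proof."""
    node = h(b"\x00" + record)
    for sibling, is_left in proof:
        node = h(b"\x01" + (sibling + node if is_left else node + sibling))
    return node == root

# Constructed sample data: records the owner outsources to an external server.
RECORDS = [b"img-001|2011-12-01|45.46N,9.19E",
           b"img-002|2011-12-02|41.90N,12.50E",
           b"img-003|2011-12-03|40.85N,14.27E",
           b"img-004|2011-12-04|43.77N,11.25E",
           b"img-005|2011-12-05|45.07N,7.69E"]

def demo():
    levels = build_levels(RECORDS)
    root = levels[-1][0]                   # the only value the owner must keep
    proof = prove(levels, 2)
    honest = verify(root, RECORDS[2], proof)
    altered = verify(root, b"img-003|2011-12-03|0.00N,0.00E", proof)
    return honest, altered                 # (True, False)
```

A proof of this kind shows that a returned record is unaltered; showing that a query result is complete needs additional structure, such as proofs over sorted, adjacent leaves.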
Privacy in Location-based Applications
Location-based services in the Information Society
• Location-based services are becoming part of our daily life
◦ positioning of objects and persons (e.g., car navigation via a GPS device)
◦ searching for information on objects or services on a map (e.g., locating a specific supermarket)
◦ tagging resources with geographic information (e.g., geo-tags in Twitter)
=⇒ may raise privacy concerns
Privacy issues in location services
• GPS tracking devices may be used for safety and security reasons and for monitoring users’ activities
X used to allow parents to keep track of their children’s whereabouts
X used for monitoring aging parents with Alzheimer’s disease
! used for physical surveillance for gathering information needed for investigations
! used by car rental companies for tracking their cars and charging drivers in case of agreement infringements
! used by employers for tracking the vehicles driven by their employees
−−− exploited by marketing companies for providing location-based advertisements
Privacy in location-based applications
• Different aspects:
◦ protect the identity of users located in specific positions (identity privacy)
=⇒ enlarge the area to include at least k-1 other users (k-anonymity)
◦ protect the location of users (location privacy)
=⇒ obfuscate the area so as to decrease its precision or confidence
◦ protect the location path of users (trajectory privacy)
=⇒ block tracking by mixing trajectories
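
One well-known way to enlarge the area until it holds at least k-1 other users is quadtree-based spatial cloaking, shown here as an added example that is not part of the original slides. The function name, the 1024×1024 map and the user coordinates are constructed for illustration.

```python
def cloak(users, requester, k, area=(0.0, 0.0, 1024.0, 1024.0), min_size=1.0):
    """Return the smallest quadtree cell (x0, y0, x1, y1) that contains the
    requester and at least k users in total (the requester plus k-1 others),
    or None if even the whole area holds fewer than k users."""
    def inside(p, c):
        return c[0] <= p[0] < c[2] and c[1] <= p[1] < c[3]

    px, py = users[requester]
    members = [u for u, p in users.items() if inside(p, area)]
    if len(members) < k or requester not in members:
        return None
    cell = area
    while cell[2] - cell[0] > min_size:
        x0, y0, x1, y1 = cell
        mx, my = (x0 + x1) / 2, (y0 + y1) / 2
        # the quadrant of the current cell that holds the requester
        child = (mx if px >= mx else x0, my if py >= my else y0,
                 x1 if px >= mx else mx, y1 if py >= my else my)
        inside_child = [u for u in members if inside(users[u], child)]
        if len(inside_child) < k:
            break          # a finer cell would no longer hide the requester
        cell, members = child, inside_child
    return cell

# Constructed sample positions (map units), not real data.
USERS = {"alice": (100, 100), "bob": (120, 90), "erin": (110, 130),
         "carol": (300, 200), "dave": (700, 800)}

def demo():
    return {
        "alice_k3": cloak(USERS, "alice", 3),  # dense area: small cell suffices
        "alice_k2": cloak(USERS, "alice", 2),  # weaker k: even finer cell
        "dave_k2": cloak(USERS, "dave", 2),    # isolated user: whole map needed
        "alice_k6": cloak(USERS, "alice", 6),  # fewer than k users exist: None
    }
```

The reported cell, rather than the exact coordinates, is what the location-based service receives; an isolated user such as "dave" pays for anonymity with a much coarser area.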
Conclusions
• Space technology in ICT:
+++ enable new services and applications enhancing the quality of life
+++ promote social and economic development
◦ require addressing security and privacy issues to ensure correctness of applications and social acceptability