Scott CADZOW, C3L for i-Tour
ITS – Challenges for privacy-security-safety
Agenda and aim of seminar
• Starting from the assertion that Intelligent Transport Systems will revolutionise society, with the aim of improving the safety of citizens when using any means of transport by leveraging the international communications network:
  – What is ITS intending to achieve?
  – How does ITS fit with the core human right of protection of privacy?
  – What is the regulatory meaning of privacy?
  – How do you comply with privacy protection?
  – How can technology assist in privacy protection?
Your speaker?
• Scott CADZOW
  – Expert and rapporteur for:
    • TETRA security specifications
    • The suite of guidance documents for effective security standards development
      – covering Common Criteria, Risk analysis, and security requirements engineering
    • Frequent member and leader of Specialist Task Forces
  – He is chairman of the ETSI ITS Security group and also its counterpart in ISO TC204.16
  – Has been vice-chairman of ETSI Project TETRA WG6 (Security) and the TETRA Security and Fraud Prevention Group (SFPG)
  – Has been vice-chairman of the ETSI Lawful Interception group.
  – Has contributed ENISA reports on network resilience, supply chain integrity, and on measures to counter internet bullying.
Definition
• Privacy is defined as the right of the individual to have his identity and agency protected from any unwanted scrutiny and interference.
  – It reinforces the individual's right to decisional autonomy and self-determination.
• Privacy is a fundamental right protected by the Universal Declaration of Human Rights and by various legislative orders including the EU Convention for the Protection of Human Rights and Fundamental Freedoms
Some statistics
• Deaths on EU27 roads:
  – Dropped from 56,247 in 2000 to 34,500 in 2009
    • Downward trend is persistent and ITS should aim to accelerate the trend
• Vehicles on EU27 roads:
  – Increased from 334/1000 inhabitants in 1991 to 473/1000 in 2009
    • Assertion: Manufacturers want to continue this increase
• Public transport use:
  – Flat at 7% for train use in EU27
  – Flat at 9% for bus use in EU27
    • Assertion: Directive wants this to change from flat to increase
Some figures
• 1. Safety
  – Traffic carnage in the UK is estimated to cost 1% of GDP (£18 billion)
• 2. Efficiency
  – Congestion costs an estimated 1% of EU total GDP, or 100B€ p.a. (or £18 billion in the UK alone)
• 3. Environmental sustainability
  – Transport accounts for 30% of total energy consumption in the EU, with the vast majority being consumed by road transport.
ITS network: a network of sensors
What is the new thinking?
• Use vehicles as sensors
• Use people as sensors
• Use vehicles as computing nodes
• Use people as data sources
• Distribute knowledge
What are the new problems?
• Use vehicles as sensors
  – Who does it give its sensor data to? Does it trust the receiver will use it well?
• Use people as sensors
  – What are you sensing? Is this going to come back and adversely affect me?
• Use vehicles as computing nodes
  – Is this realistic? How much excess computing power is a car maker going to install?
• Use people as data sources
  – Not just sensor data but opinions too?
• Distribute knowledge
  – To whom and who pays?
What can ITS do with data?
• Identify virtual communities
  – How people travel and for what may give travel service providers better knowledge of how to ticket, how to schedule, how to better serve, different communities
• Provide data for recommender systems
Top level objectives for privacy
• ITS has to meet the expectations of privacy established by:
  – OECD Declaration of Human Rights
  – EU Data Protection laws
  – EU Convention on human rights
• Privacy is a right and expectation and not a technology
ITS aim: to improve safety
Co-operative awareness
• Vehicles signalling their presence by radio
  – Where and what I am reported continuously for all to hear
  – Short range radio (5.9GHz, 100mW transmitter, about 200m range)
  – Not cellular, no infrastructure assumed
• Every vehicle aware of every other vehicle in the local area
  – Raw data for collision avoidance and other applications
Event notification messages
• Geo-routed indication of events
  – Crash, congestion, adverse weather …
  – Receiving vehicles forward the message within and towards the affected geographic area
• Broadcast over radio for all to hear
  – 5.9GHz, low power, short range, no infrastructure
• Intent is to warn other drivers and get them to change their behaviour
CAM and DENM and PII
• PII = Personal Identifying Information
• CAM and DENM identify behaviour:
  – Where a vehicle is
  – How it is being driven
  – Long term analysis may derive personal data:
    • Start and end points of journey
    • Correlation to objects at end points of journey:
      – house (home?), shop (socio-economic group?), church (religion?), school (family status?)
Privacy concerns
• Transmitter has no knowledge of who receives the data
• Transmitter has no knowledge if the receiver is good (restricts processing to only ITS application) or bad (makes additional use of data)
  – Any potential for bad actors is bad and needs to be designed out of the system
Pseudonymity is not an answer
• pseudonymity: act of ensuring that a user may use a resource or service without disclosing its user identity, but can still be accountable for that use
• Many aspects of behaviour are carried in immutable data – i.e. data that cannot be made pseudonymous
  – CAM and DENM content
  – Network addresses
  – GeoLocations
ITS aim: to improve environment
• Give feedback to users about environmental consequences of their travel behaviour with a view to encourage change
• Key pollutants:
  – CO2 – climate change
  – PM – air quality
• European standard: COPERT IV - model and databases of emission factors
Emission calculation
[Diagram: inputs to the emission calculation]
• Fuel: Gasoline, Diesel, LPG
• Vehicle: Passenger cars, Motorcycles, Mopeds, Vans / small trucks, Urban buses, Coaches
• Engine state: Cold start, Hot start
• Engine capacity
• Emission standard
• Speed
• Outside temperature
Illustration
• Passenger car
• Gasoline
• Engine technology year 2002
• Engine capacity of 1.5 litre
• Travel distance 18.1 km
• Travel speed 80 km/h
• Cold start
• Temperature 20 °C
• Fuel use 128 g
• PM emission 0.022 g
• CO2 emission 3592 g
ITS aim: to reduce congestion
Congestion problem
• People in location “A” want to get to location “B” at the same time as lots of other people
  – Transport network capacity insufficient to meet demand
• The “Dawkins” solution:
  – Move/copy what everyone wants at “B” to “A”
  – Stagger the journey start times for all travellers
ITS aim: encourage use of public transport
• Objective: to develop a routing system able to:
  – support multi-modal routing
  – handle real-time information
  – consider multi-criteria evaluation functions
  – increase environmental awareness of travellers
  – generate personalized advice
  – learn preferences of users
Multimodal trips
Supernetwork approach
• User specifies which modes are available
• Uni-modal networks are inter-connected by transfer links
• Multiple unimodal networks → supernetwork
Compiling the supernetwork
• Time expanded method to account for time tables of public transport
• Time dependent method to account for congested travel times
Link cost function (to weight different factors)
C = β0 + T * β1 + T * α1 * β2 + T * α2 * β3 + T * α3 * β4
Example of parameters

| Mode | Link type | β0 Constant (min) | β1 Time weight | β2 Bad weather | β3 Child | β4 Time pressure |
|---|---|---|---|---|---|---|
| Foot | Travel link | 0 | 1 | 0.4 | 0.1 | 0 |
| Bike | Travel link | 0 | 1 | 0.3 | 0.2 | 0 |
| Bike | Inter transfer link (in) | 0 | 1 | 0.4 | 0.2 | 0 |
| Bike | Inter transfer link (out) | 0 | 1 | 0.4 | 0.2 | 0 |
| Car | Travel link | 0 | 1 | 0.1 | 0 | 0 |
| Car | Inter transfer link (in) | 5 | 1 | 0.2 | 0 | 0 |
| Car | Inter transfer link (out) | 0 | 1 | 0.2 | 0 | 0 |
| Bus | Travel link | 0 | 1 | 0.2 | 0.1 | 0 |
| Bus | Intra transfer link (in) | 3 | 1.1 | 0.3 | 0.1 | 0.2 |
| Bus | Intra transfer link (out) | 3 | 1 | 0.3 | 0.1 | 0.1 |
| Bus | Inter transfer link (in) | 3 | 1.2 | 0.2 | 0.1 | 0.2 |
| Bus | Inter transfer link (out) | 3 | 1 | 0.2 | 0.1 | 0.1 |
| Train | Travel link | 0 | 1 | 0 | 0 | 0 |
| Train | Intra transfer link (in) | 0 | 1.1 | 0.3 | 0 | 0.2 |
| Train | Intra transfer link (out) | 0 | 1 | 0.3 | 0 | 0.1 |
| Train | Inter transfer link (in) | 0 | 1.2 | 0.2 | 0 | 0.2 |
| Train | Inter transfer link (out) | 0 | 1 | 0.2 | 0 | 0.1 |
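The link cost function and the parameter table above, applied to a small multimodal supernetwork. This is an added example, not code from the i-Tour project: the network, the travel times, the reading of α1..α3 as 0/1 flags for bad weather, child and time pressure, and the use of the "inter transfer" rows for mode changes are assumptions.

```python
import heapq

# (mode, link type) -> (β0 constant in min, β1 time, β2 bad weather, β3 child, β4 time pressure)
# Rows copied from the parameter table above (foot, bike and bus only).
BETA = {
    ("foot", "travel"):    (0, 1.0, 0.4, 0.1, 0.0),
    ("bike", "travel"):    (0, 1.0, 0.3, 0.2, 0.0),
    ("bike", "inter_in"):  (0, 1.0, 0.4, 0.2, 0.0),
    ("bike", "inter_out"): (0, 1.0, 0.4, 0.2, 0.0),
    ("bus", "travel"):     (0, 1.0, 0.2, 0.1, 0.0),
    ("bus", "inter_in"):   (3, 1.2, 0.2, 0.1, 0.2),
    ("bus", "inter_out"):  (3, 1.0, 0.2, 0.1, 0.1),
}


def link_cost(mode, link_type, t, weather=0, child=0, pressure=0):
    """C = β0 + T*β1 + T*α1*β2 + T*α2*β3 + T*α3*β4, with T in minutes.

    Assumption: α1, α2, α3 are 0/1 flags for bad weather, travelling with a
    child and time pressure, matching the β2..β4 column headings.
    """
    b0, b1, b2, b3, b4 = BETA[(mode, link_type)]
    return b0 + t * b1 + t * weather * b2 + t * child * b3 + t * pressure * b4


# Constructed supernetwork: nodes are (place, mode); transfer links join the
# unimodal networks at the same place. Times T are invented sample values.
LINKS = [
    (("home", "foot"), ("stop", "foot"), "foot", "travel", 3),
    (("stop", "foot"), ("stop", "bus"), "bus", "inter_in", 2),
    (("stop", "bus"), ("centre", "bus"), "bus", "travel", 12),
    (("centre", "bus"), ("centre", "foot"), "bus", "inter_out", 1),
    (("centre", "foot"), ("office", "foot"), "foot", "travel", 3),
    (("home", "foot"), ("home", "bike"), "bike", "inter_in", 1),
    (("home", "bike"), ("office", "bike"), "bike", "travel", 23),
    (("office", "bike"), ("office", "foot"), "bike", "inter_out", 2),
]


def best_route(links, origin, dest, **conditions):
    """Dijkstra over the supernetwork using the generalised link cost."""
    graph = {}
    for src, dst, mode, link_type, t in links:
        cost = link_cost(mode, link_type, t, **conditions)
        graph.setdefault(src, []).append((dst, cost))
    heap = [(0.0, origin, [origin])]
    settled = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dest:
            return round(cost, 2), path
        if node in settled:
            continue
        settled.add(node)
        for dst, c in graph.get(node, []):
            if dst not in settled:
                heapq.heappush(heap, (cost + c, dst, path + [dst]))
    return None  # destination not reachable


def modes_used(path):
    """Modes in order of first use along a path of (place, mode) nodes."""
    return list(dict.fromkeys(mode for _, mode in path))


if __name__ == "__main__":
    start, end = ("home", "foot"), ("office", "foot")
    for cond in ({}, {"weather": 1}):
        cost, path = best_route(LINKS, start, end, **cond)
        print(cond or "fair weather", cost, modes_used(path))
```

The same trip switches from bike to bus once the bad-weather flag is set. The flags fed into the cost function are the personal preferences that the later slides list as data needing protection.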
Which Real-time data?
Preferences
• Fast
• Safety
• No delays
• Convenience
• Low cost
• Emission
Privacy and the protection of people
What the regulation covers
• data controller:
  – natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data
• data processor:
  – natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller
• processing of personal data:
  – any operation or set of operations which is performed upon personal data, whether or not by automatic means
    • Examples of processing are collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
• data subject:
  – person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
• data subject's consent:
  – any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
Requirements
• Identify type of information/data users can upload and access:
  – determine if private (identity revealing) or public data
• Trust-based access control mechanism allowing users to upload content
  – Can trust be private?
• Virtual user communities’ characteristics
  – Does this reveal data that would otherwise be private?
• Recommender system
  – How personal does it need to be to be effective?
Protecting User Privacy
• Privacy protection protects a person.
• A person is described by what they do, where they do it, when they do it, what they do it with, and with whom they do it
• ITS users share their activity with each other and with the system
  – Need to protect against exploitation of that data by other parties
Combination of technology & process
• Design for Assurance: Ensure that security provisions can be measured and evaluated
  • Root is "Common Criteria for Security Assurance Evaluation" published as ISO 15408 and interpretation for standards development in ETSI EG 202 387
• Privacy by Design: adopt practices throughout the design, implementation and operation that maximise privacy
  • identify data leakage
  • address the human element in system deployment
  • address the policies of the system users, maintainers & managers
  • consider end of life data disposal
Protecting User Privacy - risk reduction
Privacy, data protection and security
• Privacy is a fundamental right
  – Article 12 UDHR:
    • No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks
  – Article 8 EU Convention for the Protection of Human Rights and Fundamental Freedoms: Right to respect for private and family life
    • Everyone has the right to respect for his private and family life, his home and his correspondence.
    • There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Privacy, data protection and security
• Assigns rights to citizens on how data related to them is protected
  – Enshrined in law in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  – Supplemented by Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
Privacy, data protection and security
• Personal data
  – shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
• Processing of personal data
  – shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
• “data subject’s” consent
  – shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
Privacy, data protection and security
• The means to give assurance of the confidentiality, integrity and availability of data and services
  – Offers technical and procedural means to support regulation
• Security supports …
  – Privacy (Privacy Enhancing Technologies)
    • COM(2007) 228 final: “COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on Promoting Data Protection by Privacy Enhancing Technologies (PETs)”
  – Data protection
Content privacy – user generated
Content privacy – provided
Content privacy – interactive sessions
One person – multiple persona
Consequences for ITS
• ITS carries personal data both directly and indirectly in all its variants:
  – Advanced Traveller Information Systems (ATIS)
    • Location and route is personal information
  – Advanced Traffic Management Systems (ATMS)
  – ITS-Enabled Transportation Pricing Systems
    • Concessionary fares require exchange of personal data
  – Advanced Public Transportation Systems (APTS)
  – Vehicle-to-Infrastructure Integration (VII) – ETSI
    • CAM and DENM
  – Vehicle-to-Vehicle Integration (V2V) – ETSI
    • CAM and DENM
Wider concept
[Class diagram "IdentityBehaviour". Classes: Person, Behaviour, Action, Location, Time. Relationship labels: Exhibits, Determines, consists of, takes place at, happens at.]
User Privacy versus User security
• Security is not a synonym for privacy
  – But security techniques will give some protection of privacy
  – Security techniques counter risk of
    • Interception, Masquerade, Manipulation, Repudiation
Protecting User Privacy
• Separation of identification and authorisation entities
– Anonymous at point of service delivery
– Identity and behaviour made non-linkable without collusion and difficult even with collusion
Use case interactions for “authorisation”
[Use case diagram "Actors". Labels: iTour-user, iTour-Data-Provider, iTour-Portal-Operator, iTour-App-Developer, User-machine-provider, InstallJVM, JavaAppTester, Request use of Application, Validate authority to install, Validate authority to run, Define application, Provide proof of author and integrity of application, Test and verify application, Provide proof of authority to deploy application, Install authority schema, Define Authority Schema. Relationship labels: «precedes», «invokes», «include». Annotations: Prosumer relationship; Multiple authorisations.]
Security technology protecting privacy
• Privacy shall be addressed from the perspective of security used as Privacy Enhancing Technologies (PETs).
• Security technologies are usually classified to the CIA model
• The implementation will ensure control of:
  – Security associations (specific links between objects)
  – Confidentiality
  – Integrity
  – Authenticity
Privacy protection measures
• Anonymity
  – Ensures that a user may use a resource or service without disclosing the user's identity
• Pseudonymity
  – Ensures that a user may use a resource or service without disclosing its user identity, but can still be accountable for that use
• Unlinkability
  – Ensures that a user may make multiple uses of resources or services without others being able to link these uses together
• Unobservability
  – Ensures that a user may use a resource or service without others, especially third parties, being able to observe that the resource or service is being used
Unlinkability
• The maximising of entropy between messages from the same source
  – Derived from Shannon’s work
  – Cryptographic hashing achieves much of the effect but cannot be realised in broadcast network with real world data being transmitted
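Unlinkability as entropy can be measured when assessing a pseudonym change scheme. The following added example (not from the slides or from any ETSI specification) computes, in bits, how uncertain the link is between messages sent before and after a pseudonym change when CAM-style position, speed and heading stay in clear; the report format, the Gaussian noise model and all sample values are assumptions.

```python
import math


def predict(report, dt):
    """Dead-reckon a CAM-style report (x m, y m, speed m/s, heading rad) by dt seconds."""
    x, y, speed, heading = report
    return x + speed * math.cos(heading) * dt, y + speed * math.sin(heading) * dt


def link_distribution(old_reports, new_report, dt, pos_noise=3.0, accel_unc=2.0):
    """P(new message was sent by the vehicle behind old pseudonym i).

    Gaussian likelihood of the gap between predicted and reported position.
    The noise model (pos_noise metres plus 0.5*accel_unc*dt^2) is an assumption.
    """
    sigma = pos_noise + 0.5 * accel_unc * dt * dt
    weights = []
    for report in old_reports:
        px, py = predict(report, dt)
        d2 = (px - new_report[0]) ** 2 + (py - new_report[1]) ** 2
        weights.append(math.exp(-d2 / (2 * sigma * sigma)))
    total = sum(weights)
    if total == 0.0:  # nothing plausible: treat every source as equally likely
        return [1.0 / len(weights)] * len(weights)
    return [w / total for w in weights]


def entropy_bits(dist):
    """Shannon entropy H = -sum p*log2(p) of a linking distribution."""
    return -sum(p * math.log2(p) for p in dist if p > 0.0)


def mean_unlinkability(old_reports, new_reports, dt):
    """Average entropy over all messages sent under fresh pseudonyms.

    0 bits means every new pseudonym is trivially linked to an old one;
    log2(N) bits is the best N vehicles can achieve.
    """
    total = sum(entropy_bits(link_distribution(old_reports, n, dt)) for n in new_reports)
    return total / len(new_reports)


# Constructed sample data: last reports under the old pseudonyms and the first
# positions reported one second later under new pseudonyms.
SPARSE_OLD = [(0.0, 0.0, 20.0, 0.0), (200.0, 0.0, 20.0, 0.0), (400.0, 0.0, 20.0, 0.0)]
SPARSE_NEW = [(20.0, 0.0), (220.0, 0.0), (420.0, 0.0)]
DENSE_OLD = [(0.0, 0.0, 10.0, 0.0), (2.0, 3.5, 10.0, 0.0), (-2.0, -3.5, 10.0, 0.0)]
DENSE_NEW = [(10.0, 0.0), (12.0, 3.5), (8.0, -3.5)]

if __name__ == "__main__":
    print("sparse road :", round(mean_unlinkability(SPARSE_OLD, SPARSE_NEW, 1.0), 3), "bits")
    print("dense queue :", round(mean_unlinkability(DENSE_OLD, DENSE_NEW, 1.0), 3), "bits")
    print("upper bound :", round(math.log2(3), 3), "bits")
```

On the sparse road the identifier change yields 0 bits because the geolocation in each message already links it to its sender, which is the "immutable data" problem named on the pseudonymity slide. Only vehicles changing together in close proximity approach the log2(N) bound.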
Personal privacy – the i-Tour user
• New concerns in i-Tour
  – Group membership implied through virtual community analysis may become personal data
  – Recommendations through the recommender engine may become personal data
  – Personalised travel services need knowledge of personal preferences
• Exploitation of such data sets without properly traceable consent has to be minimised
Trust
• How does the service trust the network?
• How does the content provider trust the service platform?
• Proposals being considered
  – Keyed authorisation framework
    • Variant of X.509 based Privilege Management Infrastructure (PMI) using lightweight IEEE 1609.2 certificates (underlying cryptography is elliptic curve)
    • Elements of Kerberos ticket granting service too
  – May allow greater trust from users of the core network
  – May act as a deterrent to SPAM, DDoS and other attacks
i-Tour ontology for privacy
[Class diagram "IdentityBehaviour". Classes: Person, Behaviour, Action, Location, Time, Private data, Externally verified data, Self asserted data, Preferences, PET, Identifier, RFID Tag, Tagged Item. Relationship labels: Is protected by, Determines, takes place at, consists of, happens at, Controls release of, Exhibits, May imply, May be protected by, has an, May hold, Is identifiable with, May contain, May involve use of. Annotations: Strong assertion; Aim is to weaken this assertion; Technology for protection.]
Objectives from directives
From regulation
From analysis
Protecting User Privacy
• Need to demonstrate that the separation of identity and authorisation and unlinkability measures give privacy assurance
• Single and double blinding with strong assertions of community membership without revealing real identity (thus minimising privacy exploits)
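The slides do not name the blinding mechanism, so as an added illustration (not i-Tour or ETSI code) here is one well-known technique that separates identification from authorisation: an RSA blind signature. The authority checks community membership against the real identity but signs a blinded value; the service later verifies the signature without learning who holds the token. The key is a small constructed one, far too short for deployment, and all names are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed RSA key of the authorisation authority (two Mersenne primes).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the authority only


def h(token: bytes) -> int:
    """Hash a token into the RSA group (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Authority:
    """Knows real identities, never sees the token it authorises."""

    def __init__(self, members):
        self.members = set(members)
        self.log = []  # (identity, blinded value) pairs it could later disclose

    def sign_blinded(self, identity, blinded):
        if identity not in self.members:
            raise PermissionError("not a community member")
        self.log.append((identity, blinded))
        return pow(blinded, D, N)


def blind(token):
    """User side: hide h(token) behind a random factor r before identification."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r


def unblind(signed_blinded, r):
    """User side: strip r to obtain an ordinary signature on h(token)."""
    return (signed_blinded * pow(r, -1, N)) % N


def service_verify(token, signature):
    """Service side: membership is proven, identity is not presented."""
    return pow(signature, E, N) == h(token)


def explaining_factor(blinded, token):
    """The r under which `token` would have produced `blinded`.

    One exists for every (log entry, token) pair, so the authority's log does
    not single out any token, even if authority and service pool their data.
    """
    return pow((blinded * pow(h(token), -1, N)) % N, D, N)


def demo():
    authority = Authority(members={"alice", "bob"})
    tokens = {name: secrets.token_bytes(16) for name in ("alice", "bob")}
    signatures = {}
    for name, token in tokens.items():
        blinded, r = blind(token)
        signatures[name] = unblind(authority.sign_blinded(name, blinded), r)
    accepted = all(service_verify(tokens[n], signatures[n]) for n in tokens)
    ambiguous = all(
        (h(token) * pow(explaining_factor(b, token), E, N)) % N == b
        for _, b in authority.log
        for token in tokens.values()
    )
    return accepted, ambiguous


if __name__ == "__main__":
    print(demo())
```

This gives anonymity at the point of service delivery and unlinkability of identity and token, but no accountability, so it implements anonymity rather than pseudonymity as the slides define them.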
Closing acknowledgements
• Partners in the i-Tour project
• Colleagues in the ETSI ITS standards groups
• Funding from FP7
Questions