Privacy with Secondary Use of Personal Information

0 downloads 0 Views 5MB Size Report
Mar 8, 2016 - Telemedicine. Insufficient information in real-time for response and recovery ... SINET 5: Cloud Computing with PKI and Marketplace.
Privacy with Secondary Use of Personal Information MKWI 2016 Sicherheit, Compliance und Verfügbarkeit von Geschäftsprozessen March 9, 2016, Ilmenau, Germany Dr. Sven Wohlgemuth (Visiting Researcher Goethe Universität Frankfurt, Germany) Dr. Kazuo Takaragi (National Institute of Advanced Industrial Science and Technology, Japan) Prof. Dr. Isao Echizen (National Institute of Informatics, Japan)

The Great East Japan Earthquake Insufficient information in real-time for response and recovery

Refugee

Helper

Physical Cyber SINET 4: Cloud-type services for > 700 organizations

National academic ICT infrastructure (SINET) was available 03.08.16

Privacy with Secondary Use of Personal Information

Telemedicine

2

Urushidani and Aoki 2011, JAISA 2015

Agenda I.

Resilience and Safety

• Lessons learned • Safety: A Zero-Knowledge Proof?

II. Towards Provable Safety

• Language-Based Information Flow Control • Language for ICT Resilience

III. Proof System for ICT Resilience

• Zero-Knowledge Proof with Open Data • Cryptographic Building Blocks

IV. Looking for Partners! 03.08.16

Privacy with Secondary Use of Personal Information

3

I. Resilience and Safety Resilience by predictive IT risk management with personal data

Helper

Refugee OCT(Optical Coherence Tomography) Eye

Oral

Physical Cyber

Esophagus

Brain

Trachea

Kostadinka Bizheva, et al., J. of Biomedical Optics, July/ 2004 Vol.9 No.4 Courtesy of Tsukuba Univ. Petra Wilder-Smith, et al. J. of Biomedical Optics Sep/ 2005 Vol.10 No.5

Cardiovascular

Tooth

Pancreas

Pier Alberto, et al. J Pancreas (Online) 2007 Vol.8 No.2

Guillermo J. Tearney, et al. J. of Biomedical Optics Mar/ 2006 Vol.11 No.2

Kidney

Z.P.Chen, et al., Opt. Express, Aug/ 2007 Vol. 15 No. 16

Alexander Popp, et al., J. of Biomedical Optics, Jan/ 2004 Vol.11 No.1

Cervix

Matthew Brenner, et al., J. of Biomedical Optics, Sep/ 2007 Vol.12 No.5

Cochlea

Fangyi Chen, et al., J. of Biomedical Optics, Mar/ 2007 Vol.12 No.2

Colon

Stomach Bladder Yonghong He, et al. J. of Biomedical Optics Jan/ 2004 Vol.9 No.1

Lung

Yu Chen, et al. J. of Biomedical Optics Sep/ 2007 Vol.12 No.3

Skin Ying T. Pan, et al. J. of Biomedical Optics Sep/ 2007 Vol.12 No.5

Ilya V. Turchin, et al., J. of Biomedical Optics, Nov/ 2005 Vol.10 No.6

Blood flow

Alexandre R. Tumlinson, et al., J. of Biomedical Optics, Nov/ 2006 Vol.11 No.6

Bone

Bradley A. Bower., J. of Biomedical Optics, Jul/ 2007 Vol.12 No.4

図:santec株式会社提供資料より

Ground Truth

santec confidential 16 Application to Biometrics:
 SS-OCT System Inner Vision Non-invasive measurement of iris, retina, fingerprint, vascular image under skin.

5

SINET 5: Cloud Computing with PKI and Marketplace 03.08.16

Privacy with Secondary Use of Personal Information

Urushidani et al. 2015, JAISA 2015

4

Telemedicine

Requirements on Safety Personal Risk Management • Just-in-time scalable knowledge creation from data • Transaction-specific safety • Optimizing user’s risk with data minimization JAISA 2015

User-centric safety (Completeness)

User-centric safe information flow

Integrity of computation (Soundness)

Compliance • End-to-end security • Declassification • Adequate risk management with authentic reporting • Accountability and penalty HIPAA, (J-)SOX, KonTraG, EU GDPD, Japan Personal Information Protection Law

03.08.16

Privacy with Secondary Use of Personal Information

5

Safety: A Zero-Knowledge Proof? Primary use

Secondary use

...

... Data consumer

d Data provider /consumer

Data provider

d, d*

Data consumer /provider

• Multilateral security ⇒ User-centric safe information flow • Vulnerability in real-time by inevitable, hidden dependencies

03.08.16

Privacy with Secondary Use of Personal Information

6

Safety: A Zero-Knowledge Proof? Primary use

Secondary use

...

... Data consumer

d Data provider

Data provider

d, d*

Data consumer /provider

• Multilateral security ⇒ User-centric safe information flow • Vulnerability in real-time by inevitable, hidden dependencies

Safety by obscurity – No reliable statement on information 03.08.16

Privacy with Secondary Use of Personal Information

7

Safety: Decidability State-of-the-art: ISO 270xx, IETF AAA (access control) General security system

...

... Data consumer

Data provider

d

?

Data provider /consumer

d, d*

Data consumer /provider

Enforcement

o1 = d

o2 = d*



s1

own, r, w

? own, r, w ?

s2

r, w

own, r, w

s3

? r, w ?

r



Hamlen et al. 2006

Harrison et al. 1976

Decidability on safety in general ⇒ Halting problem of Turing Machine

Probability of a correct statement on safety in the future = 50% 03.08.16

Privacy with Secondary Use of Personal Information

8

Threat to Completeness • •

Information flow from different sources in real-time Aggregation of anonymized personal data Explicit/friendship Bob

David Implicitly assumed friendship

Sweeney 2002 Jernigan and Mistree, 2007

Loss of control on confidentiality (of honest prover) 03.08.16

Privacy with Secondary Use of Personal Information

9

classification error (7 vs 1)

structure of the optimal solution.

0.4 validation error testing error

Another direction for research is the simultaneous optimization of multi-point attacks, which we successfully 0.3 approached with sequential single-point attacks. The 0.25 first question is how to optimally perturb a subset of 0.2 the training data; that is, instead of individually opti0.15 mizing each attack point, one could derive simultaneous steps for every attack point to better optimize their 0.1 Knowledge creation from personal data by secondary use overall e↵ect. The second question is how to choose 0.05 “Faulty” data increases error probability of machine learning the best subset of points to use as a starting point 0 0 2 4 6 8 for the attack. Generally, the latter is a subset selec% of attack points in training data Supervised machine learning machinemay learning tionUnsupervised problem but heuristics allow for improved ap(e.g. SVM) (e.g. PCA) we demonstrate that even proximations. Regardless, Single Poisoning Period: Evadingstrategies PCA non-optimal multi-point attack significantly classification error (9 vs 8) 0.4 10 degrade the SVM’s performance. validation error 0.35

0.05 0

0

2 4 6 % of attack points in training data

classification error (4 vs 0)

0.4 0.35

03.08.16 0.3

0.25

8

0.8

1.0 0.8 0.6 0.4 0.2

0.1

Evasion success (average test FNR)

0.15

0.0

0.2

0.6

0.25

Uninformed Locally−informed Globally−informed

Bo

An important practical limitation of the proposed method is the assumption that the attacker controls the labels of the injected points. Such assumptions may not hold when the labels are only assigned by trusted sources such as humans. For instance, a spam filter uses its users’ labeling of messages as its ground truth. Thus, although an attacker can send arbitrary messages, he cannot guarantee that they will have the labels necessary for his attack. This imposes an ad10% 20%that 30% 40% 50% ditional0%requirement the attack data must satisfy0 Mean chaff volume certain side constraints to fool the labeling oracle. FurBiggio et al 2012; Huang et al 2011 ther work is needed to understand these potential side Figure 3: Effect of poisoning attacks on the PCA-based detector [36 constraints and under to incorporate themPeriod into attacks. relative chaff volume Single-Training poisoning attacks Evasion success (FNR)

0.3

0.4

testing error

0.2

0.35

0.0

• •

1.0

Threat to Soundness

Loss of control on classification (of honest verifier) (dotted black line) locally-informed (dashed blue line) and globally-in validation error testing error

Theoffinal would to incorporate the realsuccess PCAextension under Boiling Frogbe poisoning attacks Privacy with Secondary Use of Personal Information 10 in terms of the

of locally-informed for four different poisoning schedules world inverse poisoning feature-mapping problem; that is, the ( size of the poisoning by factors 1.01, 1.02, 1.05, and 1.15 respectively).

problem of finding real-world attack data that can

II. Towards Provable Safety Status Quo: Language-based information flow control Rigorous

In Practice

Natural Language Policy

HIPAA, (J-)SOX, KonTraG, 95/46/EC, JP PII Protection Law, …

ISO/IEC 270xx, BSI ITBaseline Protection, IETF AAA, NIST SCAP

High-Level Policy Language

Take-grant, type-safety, lattice-based access control, obligations

Enforcement classes, Ponder, ExPDT

Intermediate-Level Security Policy Flow Graph

Decentralized trust management

Social/knowledge graph, sticky policies secure delegation of rights

Low-Level Enforcement

Identity, cryptography, safe public directory, monitor, proof-carrying code

Computational complexity, PKI, virtualization, testing ZKP-carrying information

03.08.16

Privacy with Secondary Use of Personal Information

11

cf. Sandhu 1993, Myers and Liskov, 1997; Schneider, Morrisett and Harper, 2001; Sabelfeld and Myers, 2003

Natural Language Policy High-Level Policy Language

Special Cases for Safety Take-grant S1: u

S3: w

S2: u

Intermediate-Level Security Policy Flow Graph Low-Level Enforcement

Lattice-based Access Control O: o

Type-safety S1: u

S3: v

S3: w

S2: u

• Symmetric access tree Error propagation

• Strict order Role change of secondary use

• Safety if trees are separate

• Availability of data by declassification

Joined by Ground Truth

Ext.: Reliable ”Big Brother” Int.: Error propagation

S3: v

Sandhu 1992

Sandhu 1993

Lipton and Snyder 1977

O: o

• Acyclic graph Role change of secondary use • x