This week we welcomed our newest software engineer, Isabel Peters, to AetherWorks. In this post she discusses the tradeoff between security and privacy, an area related to her recent Masters project at Imperial College London. She previously studied at the University of St Andrews.
As we store more information digitally, the dangers of data theft are increasingly serious. Do you know how your data is secured?
We live in a digitized world where almost every kind of transaction requires some form of computational data handling. For example, virtually any online purchase requires a user to enter personal information including their name, home address, and credit card information. This information is often necessary – whether for online purchases, for gaining access to restricted buildings, or for border control.
The movement of data into a digital format in some ways allows companies to greatly improve our lives, as we can process information more effectively and efficiently. On the other hand, this also means that our privacy can be breached in many new ways, such as with identity fraud, Internet scams and other types of cyber-crime.
The threat from cyber-crime requires new levels of security. To increase the protection of sensitive data sent over the network, security weaknesses have been fixed and message encryption has been added to standard protocols such as IPsec and TLS, though these protocols still need to be revised and updated periodically.
In the courts, extensive digital disclosure of personal data has emerged as a new challenge to the notion of privacy. The main issue is that ‘technology is fast and the law is slow’. For example, the term ‘privacy’ is nowhere to be found in the US Constitution to date and non-disclosure policies are mostly completely voluntary for organizations. This is a dilemma for the consumer who wants to use online services but may be subject to unwanted collection and usage of personal data. For these reasons many people are wary of storing data in the cloud.
How is your data secured?
There are different types of protection mechanisms for information stored on a computer or sent through a network. First of all, data that is stored on disk or sent through a network can be protected with cryptography. This is the application of mathematical techniques to design ciphers and encrypt plaintext in such a way that it is unreadable to anyone who attempts to read it without the cipher key. The degree of security largely depends on the ‘strength’ of the cryptographic cipher, which is determined by both the cryptographic algorithm and the size of the cryptographic key.
For instance, Triple-DES encrypts each data block three times using DES (Data Encryption Standard) and was initially believed to be sufficiently secure using a key-size of 56 bits. However, the US Government now recommends key-sizes between 80 and 120 bits because the previous version became vulnerable to brute-force attacks as a result of increased computational power. Other encryption algorithms currently approved by the US government (National Institute of Standards and Technology) include SKIPJACK (80 bits) and AES (128, 192, 256 bits).
Ultimately, the factors that determine the optimal choice of encryption technique and key size depend on its purpose, the sensitivity of the data, and also on the computational resources and available time of the organization and/or individual who will use it.
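The point above, that a key size which was once adequate becomes brute-forceable as computing power grows, can be made concrete with a small calculation. The following is an added example, not code from the original post or from AetherWorks: it estimates the expected time of an exhaustive key search at an assumed guessing rate, and works out the smallest key size that keeps the expected search above a chosen number of years. The guessing rates are constructed, round-number assumptions for illustration, not measurements of any real system, and the model counts only key trials (it ignores any weakness in the algorithm itself, which the post notes is the other half of cipher strength).

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_trials(key_bits: int) -> int:
    """Expected number of key trials for exhaustive search.

    On average the correct key is found after half of the key space has been
    tried, i.e. 2^(bits - 1) trials.
    """
    return 2 ** (key_bits - 1)


def brute_force_years(key_bits: int, keys_per_second: float) -> float:
    """Expected wall-clock years to brute-force a key of the given size
    at an assumed rate of keys_per_second trials (a constructed figure)."""
    return expected_trials(key_bits) / keys_per_second / SECONDS_PER_YEAR


def min_key_bits(target_years: float, keys_per_second: float) -> int:
    """Smallest key size whose expected brute-force time is at least
    target_years at the assumed rate.

    We need 2^(bits - 1) >= trials_needed, so bits >= log2(trials_needed) + 1.
    """
    trials_needed = target_years * SECONDS_PER_YEAR * keys_per_second
    return math.ceil(math.log2(trials_needed)) + 1


def strength_table(keys_per_second: float, sizes=(56, 80, 112, 128, 256)) -> dict:
    """Map each key size to its expected brute-force time in years."""
    return {bits: brute_force_years(bits, keys_per_second) for bits in sizes}


if __name__ == "__main__":
    # Assumed attacker rate: one trillion key trials per second (constructed).
    rate = 1e12
    for bits, years in strength_table(rate).items():
        print(f"{bits:>3}-bit key: about {years:.3g} years of expected search")
    # Key size needed so that a century of searching at this rate is expected
    # to fail.
    print("minimum bits for a 100-year margin:", min_key_bits(100, rate))
```

At the assumed rate a 56-bit key falls in well under a day of expected search, while 128 bits and above are out of reach by many orders of magnitude; raising the rate by a factor of a thousand only adds about ten bits to the minimum key size, which is why recommendations move in steps of tens of bits rather than by retuning individual algorithms.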
How is your data accessed?
If a user has managed to encrypt their data, they still need a means of accessing it, while still ensuring that no-one else is capable of doing the same thing. Access to data can be managed through various mechanisms. For example, a database can be restricted by an authentication system that uses a type of ‘authenticator’. Authenticators can be:
- Knowledge-based, such as a password or a ‘secret’ question such as “What is your pet’s name?”
- Object-based, such as a physical possession of a token that grants access to a resource such as a metal key to an apartment
- ID-based, referring to authenticators that are unique to the individual such as a passport. For example, a special type of ID-based authenticator is an individual’s biometric, such as the human iris.
What makes biometrics extremely secure is their complete uniqueness to every human individual, but many people have doubts about such technology because it requires them to give away a very personal, unique, and unchangeable identifier. Whereas a compromised password can be reset, a stolen biometric is irreplaceable, making it particularly sensitive and vulnerable. This represents a key trade-off between privacy and security.
The dilemma: Privacy vs. Security
As attackers become more sophisticated and begin to understand security systems, and as computational power increases, our security requirements must become more stringent. Recent trends show that people are relinquishing more private information in favor of security and self-protection. Consequently, the continuously growing connectivity and the need for data storage are in constant and increasing conflict with people’s privacy concerns. This constitutes a predicament highlighted by President Obama: that “We can’t have 100% security and also then have 100% privacy and zero inconvenience”.
What are the implications of this shift?
As the demand for personal information increases, people will face increasingly stark choices between security and privacy. As a user of a system it’s important to figure out what is important to you.
New storage solutions must be designed to store sensitive information, and to follow the laws and standards on security and data encryption of the present day. Despite this, legal frameworks are still lagging behind, and there is an urgent need for new laws and standards that restrict the voluntary collection and abuse of user data, and protect users from the illegal distribution of such information on the internet.
However, we also have to accept and understand that in order to provide a certain level of security (e.g. at the airport) sensitive data must be captured and stored. In recent years interesting projects, such as the PrimeLife project, have emerged, introducing new concepts and developments with regard to privacy and identity management, but there is still work to be done.
There is an onus on individuals to understand and accept how their data is protected, and on companies to produce products with an adequate degree of protection against modern threats to data security.
The iris, for instance, is one of the most widely deployed biometrics due to the stability of the human eye over a lifetime, its good protection from the environment and, most importantly, its great mathematical advantage, given its excess of up to 266 degrees of freedom (the number of parameters that may vary independently).
In a survey performed by the Joseph Rowntree Reform Trust, 65% of the respondents said that collecting information about citizens on large computer systems is a bad idea. 83% did not approve of government access to phone, mail and Internet browsing records (source).