Cybersecurity and Privacy

Introduction

In today’s world, private individuals’ data are being collected, processed, and disseminated far and wide to persons unknown. The potential harms of such widespread use of private information range from physical or psychological damage to individuals to political and economic impacts. Privacy is not only about confidentiality; it also includes issues such as freedom of speech and individual autonomy.

This article discusses systems that protect users’ privacy. It covers the identification of privacy problems, their technical description, and technologies that eliminate or at least mitigate those problems.

The primary goals of privacy-preserving systems are to increase trust and minimize risk. These goals are achieved by disclosing as little as possible, collecting as little as possible, minimizing the replication and retention of data, cutting down on linkages between data, and avoiding centralization of data. Strategies such as these constrain the flow of information to parties other than those intended to receive it. They limit the number of places where data are stored or processed, avoid a single point of potential fraudulent or adversarial attack, and limit the amount of time that the information is stored.

Privacy technologies implement these strategies while still allowing information exchange and preserving the integrity of the system. The first step in choosing a privacy technology is to identify the data flows that need to be minimized and the minimum amount of information that must be transferred. Minimizing information flow might mean keeping data within a firewall, encrypting the data, or obfuscating or anonymizing it.

There are two main approaches to achieving data privacy. The first is data confidentiality (using confidentiality technologies), which focuses on preventing unauthorized access. This is typically achieved through the use of cryptography. The second approach is disclosure control (using control technologies), which involves both limiting the amount of information that can leak to the adversary and ensuring, to the extent possible, that any leaked data cannot be linked to any specific individual.

Confidentiality Technologies

Cryptography includes end-to-end encryption (E2EE) and Off-the-Record Messaging (OTR). E2EE protects the confidentiality of data in transit between the sender and recipient, while also ensuring integrity and authentication. In E2EE, the encryption keys are held by the devices at the ends of the communication; they can be agreed upon using key transport or a Diffie-Hellman exchange, a mathematical method of securely exchanging cryptographic keys over a public channel. OTR, on the other hand, strengthens the privacy properties and considers an adversary who can observe and compromise the devices involved in the communication.

As with most anything else, approaches such as cryptography come with trade-offs. They involve high resource requirements and are characterized by low efficiency and limited flexibility. There are alternative methods of obfuscating data that are less effective but more efficient. These methods control the amount of information that can be inferred from a data set. How well that works depends on the nature of the data and the cleverness of the unintended receiver. The privacy gained from these techniques is based on limiting the available information, which may, of course, reduce its utility.

Anonymization is a technique used to process data without risking individual privacy. It separates identity from information by removing names or other identifiers. This makes the data unlinkable and lessens a reader’s ability to make inferences about its meaning or importance. However, full anonymity is difficult to achieve, as most data contain enough information to correlate different attributes and/or records in a database. Unique data patterns, called quasi-identifiers, can be used to re-identify individuals. To limit the risk of re-identification, anonymization is often combined with other obfuscation techniques such as:

  • Generalization is a technique that reduces the precision of data by using ranges or statistics (such as an average), for example, instead of specific numbers.
  • Suppression is a technique that involves hiding part of the information. The idea is that the fewer data that are available, the more difficult it is to make inferences. For instance, instead of “Mary made a million dollars,” the message instead states “One of the employees won an exceptional prize.” The best privacy results can be obtained by using suppression strategies that are tailored to the nature and characteristics of the data but that can only be understood by a reader with prior knowledge of the topic at hand.
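A worked version of the generalization and suppression steps above, added here as an example that is not from the original article. The records are constructed; the quasi-identifier check and the k-threshold that decides which sensitive values to suppress are my assumptions, generalizing the author’s rule that fewer available data make inferences harder.

```python
from collections import Counter

# Constructed sample records: "name" is a direct identifier; zip, age and sex are the
# quasi-identifiers; "salary" is the sensitive value the suppression example talks about.
RECORDS = [
    {"name": "Mary", "zip": "02139", "age": 34, "sex": "F", "salary": 1_000_000},
    {"name": "John", "zip": "02138", "age": 36, "sex": "M", "salary": 72_000},
    {"name": "Ana",  "zip": "02134", "age": 31, "sex": "F", "salary": 68_000},
    {"name": "Lee",  "zip": "02141", "age": 39, "sex": "M", "salary": 70_000},
]
QUASI = ("zip", "age", "sex")

def key(r):
    return tuple(r[q] for q in QUASI)

def anonymize(records):
    """Step 1: strip the direct identifier; the quasi-identifiers are left untouched."""
    return [{k: v for k, v in r.items() if k != "name"} for r in records]

def generalize(records, zip_digits=3, age_bucket=10):
    """Step 2: reduce precision: keep only a zip prefix and replace age with a range."""
    out = []
    for r in records:
        lo = (r["age"] // age_bucket) * age_bucket
        out.append({**r, "zip": r["zip"][:zip_digits] + "*" * (5 - zip_digits),
                    "age": f"{lo}-{lo + age_bucket - 1}"})
    return out

def suppress(records, k):
    """Step 3: hide the sensitive value wherever fewer than k records share a
    quasi-identifier combination, because such a record still singles someone out."""
    groups = Counter(key(r) for r in records)
    return [{**r, "salary": "*" if groups[key(r)] < k else r["salary"]} for r in records]

def reidentifiable(records):
    """Count quasi-identifier combinations that occur exactly once (unique patterns
    that an adversary with outside knowledge could link back to a person)."""
    return sum(1 for c in Counter(key(r) for r in records).values() if c == 1)
```

Removing names alone leaves every record unique; truncating zip codes to four digits and bucketing ages still leaves two singletons, which suppression then blanks, while a three-digit zip prefix makes every record share its pattern with another.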

Metadata

Metadata are data about data. Examples are:

  • Traffic metadata: These types of metadata include information about the communication infrastructure such as identities of participants, data transfer amount and timing, and duration of connection. Metadata of this sort can be used to infer sensitive information about individuals or companies. Anonymous communication networks can protect against this risk. Such networks are formed by relays that change the appearance of messages through encryption and alter the traffic patterns.
  • Device metadata: These types of metadata are associated with the platform generating the data and can, thus, reveal sensitive information about the device and its owner. To protect against this, various privacy-enhancing technologies such as Virtual Private Networks (VPNs), Tor, or encrypting device data can be used. Device metadata include specific characteristics of a user’s device, such as browser type and version, screen resolution, installed fonts, that are often sent along with data requests in order to optimize the service provider’s response. The information can be used to identify and track users, even if they are anonymous on the network layer. This process is called browser or device fingerprinting, which makes it possible for service providers to track users across the web. Defending against device metadata attacks is difficult, as hiding this information from online service providers affects device performance.
  • Location metadata: These types of metadata are associated with the physical location from which data are generated. They reveal potentially sensitive information about an individual’s location and activities. There are ways to protect against this, such as using a GPS spoofer or disabling location services on the devices that one uses.

Tor Network

Tor is the most popular anonymous communication network. It uses “onion” encryption to protect users’ privacy by routing traffic through a series of Onion Routers (ORs). When a user wants to access a service, they install a Tor browser on their device. The browser builds a circuit of three ORs (entry, middle, and exit nodes) and routes encrypted traffic to the destination server through that circuit. The browser establishes a secret key with each of the ORs in the circuit and encrypts the packet in layers before it is sent to the destination server. The server sends data back in reverse order, i.e. the server encrypts the message in layers that are decrypted by the exit, middle, and entry ORs. ORs do not purposely impose delays on messages, so traffic patterns are conserved. This means that an attacker who can see both ends of a communication could link its origin and destination. Mix networks exist that protect against such attacks by delaying messages or adding new real or dummy messages to the mix.
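The layered encryption described above (and the relay-based anonymous networks mentioned under traffic metadata), as an added example that is not from the original article: a three-hop circuit in which each relay’s key peels exactly one layer and reveals only the next hop. The cipher is a toy SHA-256 counter-mode stream and the relay names and keys are constructed; both are my assumptions for illustration (real Tor uses AES-CTR per hop).

```python
import hashlib
import os

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), assumed here only so the block
    runs on the standard library; it has no integrity protection. XOR = encrypt/decrypt."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def wrap_layer(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """Add one onion layer: encrypt (next-hop name + inner cell) under this relay's key."""
    nonce = os.urandom(8)
    hop = next_hop.encode()
    return nonce + toy_cipher(key, nonce, len(hop).to_bytes(1, "big") + hop + payload)

def unwrap_layer(key: bytes, cell: bytes) -> tuple:
    """What a relay does: peel its own layer and learn only the next hop plus an opaque inner cell."""
    plain = toy_cipher(key, cell[:8], cell[8:])
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def build_onion(keys: dict, route: list, message: bytes) -> bytes:
    """Client side: wrap from the exit inward, so the entry relay's layer is outermost."""
    hops = route + ["server"]
    cell = message
    for i in range(len(route) - 1, -1, -1):
        cell = wrap_layer(keys[route[i]], hops[i + 1], cell)
    return cell

def route_through(keys: dict, route: list, onion: bytes) -> tuple:
    """Simulate the circuit: each relay peels one layer and forwards the rest.
    Returns what each relay learned (its name, next hop) and what the server receives."""
    views, cell = [], onion
    for relay in route:
        next_hop, cell = unwrap_layer(keys[relay], cell)
        views.append((relay, next_hop))
    return views, cell

def demo():
    route = ["entry", "middle", "exit"]            # constructed relay names
    keys = {r: os.urandom(16) for r in route}      # per-hop secrets the client negotiated
    msg = b"GET /private HTTP/1.1"                 # constructed request
    onion = build_onion(keys, route, msg)
    views, delivered = route_through(keys, route, onion)
    # The message is invisible at the entry relay: neither the full onion nor the cell it forwards contains it.
    return views, delivered, msg in onion, msg in unwrap_layer(keys["entry"], onion)[1]
```

The entry relay learns only that the next hop is "middle", the exit relay is the only one that sees the server and the plaintext, and no single relay can link sender to destination, which is the decentralization property the next paragraph contrasts with a VPN.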

The difference between Tor and a VPN is that Tor is decentralized, so that no single relay can learn the link between the sender and receiver. A VPN is centralized, meaning that the VPN provider can read the correspondence between the sender and receiver.

Control Technologies

As opposed to simply keeping messages confidential, privacy technologies provide control over personal information. In many cases, revealing data may be necessary or perceived as beneficial, but it is important to consider the control over how the data are used. The privacy-as-control paradigm addresses two main concerns: 1) allowing users to express their preferences for data use, and 2) allowing organizations to define and enforce policies to prevent misuse of the data.

Voting Example

Privacy protection is crucial for valued activities such as electronic voting. Electronic voting systems are designed to provide a secure and trustworthy environment for casting votes. They use encryption and digital signatures to ensure that votes are kept confidential and that the voting process is tamper-proof. They also use privacy-preserving techniques such as homomorphic encryption and zero-knowledge proofs to hide the content of individual votes while still allowing them to be counted.

Electronic petitions, which allow citizens to express their opinions and call for change by signing an online petition, are run through a dedicated website or through social media platforms. They also use privacy technologies such as encryption and digital signatures to protect users’ identities and to prevent manipulation.

Censorship Resistance

Censorship systems aim to control the distribution of content by preventing users from publishing or accessing certain content. Privacy-preserving technologies play a crucial role in supporting freedom of speech and access to information by making censorship resistance possible. For example, the Freenet system uses encryption and anonymous authentication to protect the publishing of content on the Internet and to make selective denial of service and coercion by law enforcement difficult. Freenet is a peer-to-peer system that allows for the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers. It also uses keys to locate files and to prevent the identity of the recipient from being knowable. The random accessing of information by various parts of the network also provides deniability and protects anonymity.

Tangler is a censorship-resistant application. It splits files into small blocks that are stored on different servers. In order to retrieve a file, multiple servers must be contacted to obtain all the necessary blocks. It replicates entangled files, making it difficult for a censor to delete a target file. Censorship-resistant data access can be achieved through mimicking, tunnelling, embedding communication within other content, and hiding its destination. Mimicking means making censored data look allowable. Tunnelling carries the censored communication inside popular data services, making it difficult for censors to block. Embedding communication within other content makes it hard to find and deniable. Hiding the destination of communication involves relaying censored traffic through intermediate parts of the network and disguising the connections.

Conclusion

There are many cybersecurity methods to protect private data from disclosure or censorship, but also many ways of countering cybersecurity systems. Methods are always changing and becoming increasingly sophisticated. To stay ahead of the curve and protect the organization and the individuals who share information with it, organizations must hire, retain, and continually train a top team of cybersecurity professionals and deploy appropriate cybersecurity technologies.

More articles by Bob Seeman