HOMMER: Holistic Model for Minority Education & Research
“The Balancing Act”: Accountability vs. Privacy
by Deidre W. Evans and Christy L. Chatmon
Department of Computer and Information Sciences
May 5th, 2004

Overview
• Introduction
• Research Discussion
  – “The Balancing Act”
• Goals of Research
  – Security Track in Curricula
  – Center of Educational Excellence in Information Assurance by NSA
  – Build Collaborations

Introduction
• September 11, 2001 was in part due to a lack of operational balance between privacy and accountability:
  – “Uncrackable encryption is allowing terrorists to communicate about their intentions without fear of outside intrusion. They’re thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities.” [FBI director]

Introduction
• Increase in security threats
  – Denial of service, worms, viruses, etc.
• Advancement in data retrieval & storage mechanisms
  – Data mining, CRM, Web tracking

“The Balancing Act”
• Privacy/Anonymity
  – Controlling all information about one’s self & personal activity
  – Authentication
    • Passwords, PKIs, biometrics, etc.
• Accountability/Security
  – Attribute actions to the user that caused those actions

“The Balancing Act”
• Investigate existing methodologies:
  – Key Escrow
    • third party retrieves cryptographic keys for data confidentiality for recovery of encrypted data
  – PKIs

“The Balancing Act”
[Diagram labels: Anonymity, Accountability, Privacy, Authentication, Privacy, Cyber-forensics, Free Speech, Liability/Copyright]

Goals of Research
• Problem:
  – Existing paradigms embody conflict between security goals and privacy goals
• Goal:
  – Explore alternative paradigms that balance the needs for security with the needs for personal privacy
• Develop cryptographic infrastructure models, techniques, & tools to facilitate “privacy-balanced accountability”

Goals of Research
• FAMU CIS department recognized as a Center of Educational Excellence in Information Security by National Security Agency
• Information Security Track in CIS curricula

Goals of Research
[Diagram of the security lab network. Labels: Cisco Router, Cisco 24 Port Switch, Cloud, Cisco Pix Firewall, Cisco 24 Port Switch, NT 2000 Server, Solaris 9 server, NT 2003 Server with Terminal Services, Workstations - Operating systems: Linux, Win2K, Win98, VMWare]

Goals of Research
• Standalone Security Lab to support research & course needs
  – explore new paradigms for training students about security and to foster students’ interests in security issues
• Extend collaborations with other security educators
  – FSU, University of Central Florida, etc.