Privacy Recommendations for IEEE 802 LMSC Section 8 Revision Overview

march 2018 privacy recommendations for 802 lmsc n.w
1 / 9
Embed
Share

Introducing substantial changes to section 8 of the current 802E draft, providing a framework for evaluating operations with respect to privacy and security. Includes template questionnaires, recommendations for standards developers, implementers, and network designers, along with practical examples for consideration.

  • Privacy
  • Recommendations
  • IEEE 802
  • Security
  • Framework
rayaanacharya
rutz_man Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. March 2018 Privacy Recommendations for 802 LMSC Section 8: Recommendations doc.: privecsg-18-0001-00-ecsg Date: 2018-02-23 Authors: Name Affiliation E-mail Amelia Andersdotter ARTICLE19 amelia@article19.org Juan-Carlos Z iga Sigfox juancarlos.zuniga@sigfox.com Univ. Lyon, INSA Lyon, Inria, CITI Mathieu Cunche mathieu.cunche@inria.fr Submission Slide 1 Z iga, Andersdotter, Cunche

  2. March 2018 doc.: privecsg-18-0001-00-ecsg Abstract We introduce substantial changes to section 8 of the current 802E draft v 0.07, with a view to providing a framework within which standards developers, implementers and network designers can evaluate their operations with respect to privacy and security. Through a set of template questionnaires and recommendations, combined with exemplifications of adversarial situations presented previously to the group, we present a rigorous framework for self-assessment. Our work draws on experiences from other standards bodies, such as the IETF, and academia, including to the extent that privacy research has previously been presented at the IEEE 802 LMSC. Submission Slide 2 Z iga, Andersdotter, Cunche

  3. March 2018 doc.: privecsg-18-0001-00-ecsg Section 8 revision overview Title: Recommendations (same as the old title) Section 8.1: Template questionnaires (new addition!) For standards developers Identifiers Observers Configurability For standards implementers For network designers Template questionnaires broadly based on IETF RFC 6973 (Privacy Guidelines), but adapted to 802 conditions and IEEE terminology as necessary. Submission Slide 3 Z iga, Andersdotter, Cunche

  4. March 2018 doc.: privecsg-18-0001-00-ecsg Section 8 revisions overview Section 8.2: Recommendations Eight preferred (recommended) considerations for standards developers, implementers and network designers to take into account when planning their work. Section 8.3: Practical examples For each consideration or pair of considerations in section 8.2, a short explanation and example of how a recommendation may be taken into account. Will also exemplify and contextualise situations and questions brought forward in Section 8.1 with subsections. Submission Slide 4 Z iga, Andersdotter, Cunche

  5. March 2018 doc.: privecsg-18-0001-00-ecsg Section 3 revisions consistency Changes in section 3: Adding identifier in line with previous IEEE Standards Dictionary definitions, taking into account 802 LMSC peculiarities. Introducing distinctions: persistent and temporary identifiers. Converging on target , personal device terminology (deleting mentions of PII principal and similar terms). Converging on adversary terminology, rather than alternating adversary/attacker. Small cleaning: removing NOTE -sections in definitions (esp. in PII definition), clarifying language (for instance, removing mentions of bridged networks that would not be appropriate in a 802.11 or .15 context), shortening redundancies. Additionally, uses of the word may in descriptive texts has been phased out in favour of might (withouth consideration to grammar), since may is an IEEE reserved word for normative statements(!) Submission Slide 5 Z iga, Andersdotter, Cunche

  6. March 2018 doc.: privecsg-18-0001-00-ecsg Section 6 remake overview Maintaining previous texts under new headings 4 subsections instead of 9. Less overlap between sections. 6.1 Context: Context of PII, privacy, justifications for PII collection and identifier use in technology. (previously: 6.1, 6.2, 6.3) 6.2 IEEE and Privacy: a short descriptive text of ways in which 802 LMSC processes may impact privacy (merged sections 6.4, 6.9) 6.3 Correlation, fingerprinting and patterns: merges all previous description of derivations of attributes of individuals into the same text. (merged sections 6.5, 6.6) 6.4 Personal and shared devices: left unchanged. (previously: 6.7) Section 6.8 on MAC addresses as PII is dropped, since this is addressed in Section 8. Submission Slide 6 Z iga, Andersdotter, Cunche

  7. March 2018 doc.: privecsg-18-0001-00-ecsg Section 6 remake continued Language brought in line with adversary and target terminology of Section 3. Dropping privacy violation in favour of PII disclosure or exposure, also to converge with definitions in Section 3. Switching from protocol to specification to better conform with 802 LMSC standardisation activities (as opposed to, for instance, IETF activities). Section 3 revisions consistency Changes in section 3: Removing Strong PII and weak PII . These distinctions seem no longer necessary with the new, broader texts in section 6, combined with the more to the point, self-assessment schema of section 8. Submission Slide 7 Z iga, Andersdotter, Cunche

  8. March 2018 doc.: privecsg-18-0001-00-ecsg To do: Section 7. Bringing language in line with Section 3: Definitions, if necessary(!) Submission Slide 8 Z iga, Andersdotter, Cunche

  9. March 2018 doc.: privecsg-18-0001-00-ecsg References M. Vanhoef, C. Matte, M. Cunche, L.S. Cardoso, F. Piessens, Tracking 802.11 stations without relying on the link layer identifier, IEEE privecsg-16-0003- 00-0000, 14 April 2016. J.C. Z iga, 802E Privacy Mitigations, IEEE privecsg-16-0002-00-0000, 23 March 2016. IETF RFC 6973, Privacy Considerations for Internet Protocols, July 2013. https://tools.ietf.org/html/rfc6973 Submission Slide 9 Z iga, Andersdotter, Cunche

Related


Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

lillia
Privacy in Information Security Training

Privacy in Information Security Training

lillia
NCVHS Subcommittee on Privacy Comments on HIPAA Privacy Rule for Reproductive Health Care

NCVHS Subcommittee on Privacy Comments on HIPAA Privacy Rule for Reproductive Health Care

haley
Privacy-Preserving Analysis of Graph Structures

Privacy-Preserving Analysis of Graph Structures

bilal
FMCSA Privacy Awareness Training Overview for 2022

FMCSA Privacy Awareness Training Overview for 2022

natan
Data Privacy Laws and Regulations in Saudi Arabia

Data Privacy Laws and Regulations in Saudi Arabia

twyla
Breach of Confidence and Privacy Rights in English Law

Breach of Confidence and Privacy Rights in English Law

teodor
Privacy Considerations in Data Management for Data Science Lecture

Privacy Considerations in Data Management for Data Science Lecture

maen728
Costs and Revenues for Decision Making

Costs and Revenues for Decision Making

mayed
Enhancing Privacy with Randomized MAC Addresses in 802.11 Networks

Enhancing Privacy with Randomized MAC Addresses in 802.11 Networks

kgorr
Proposed Amendments to City Campaign Finance Code

Proposed Amendments to City Campaign Finance Code

malo844
Privacy Issues in IEEE 802.11 Networks: Tracking and MAC Randomization

Privacy Issues in IEEE 802.11 Networks: Tracking and MAC Randomization

kard154
The Privacy Paradox: Attitudes vs. Behaviors

The Privacy Paradox: Attitudes vs. Behaviors

clai_evi
Privacy Rights in Europe: A Comprehensive Overview

Privacy Rights in Europe: A Comprehensive Overview

jesu_26
Breach of Confidence and Privacy Rights in Legal Context

Breach of Confidence and Privacy Rights in Legal Context

harmo
Proposal for IEEE 802.11 Privacy Enhancement

Proposal for IEEE 802.11 Privacy Enhancement

pkal
Data Privacy Best Practices Training for Libraries

Data Privacy Best Practices Training for Libraries

teo_nah
Enhancing Online Patron Privacy in Library Websites

Enhancing Online Patron Privacy in Library Websites

weld852
Student Privacy Laws and Best Practices in Education Sector

Student Privacy Laws and Best Practices in Education Sector

nam_e
Privacy Awareness Week 2017: Understanding the Australian Privacy Act

Privacy Awareness Week 2017: Understanding the Australian Privacy Act

saan296
The Challenges of Protecting Privacy with Differential Privacy

The Challenges of Protecting Privacy with Differential Privacy

rashiqu

More Related Content