Secure Personal Data Servers: a Vision Paper
Nowadays, almost all companies and administrations depend on storing data in central servers to make it easy for users to access their personal data. A huge amount of personal data is collected on servers in various fields such as hospitals, insurance corporations, organizations, etc. Because of the convenience these servers provide, many people ask internet companies to store their data and make it reliable and accessible over the internet on several platforms at all times. Moreover, the number of information systems constantly collecting personal data on servers is growing very fast. Most ...
There are numerous real-life examples of privacy violations that affect users because of carelessness, improper use, internal attacks and external attacks. The following are some of the large-scale privacy violations:
• Example of a privacy violation affecting users through carelessness:
The National Archives and Records Administration (NARA) is investigating a missing hard drive that contains more than 70 million veterans’ records, including their names, dates of birth, social security numbers, etc. The hard drive was sent for repair and was then lost. Others believe it has been recycled. (DataLossDB, 05 October 2009).
• Example of improper use of users’ personal data:
An attacker who was interested in collecting British health medical folders announced that he would sell each folder for £4. Unfortunately, many customers, such as insurance and marketing companies, were interested in selling such health medical folders to attackers. They found that these health medical folders came from a private hospital whose documents were subcontracted to an enterprise. (The Daily Mail Online, 19 October 2009).
• Example of violating personal data by an internal attack:
In 2004, one of the major data violations was reported at America Online. The cause of this violation was a malicious insider who sold 92 million email addresses belonging to 32 million subscribers to spammers. (DataLossDB, Open Security Foundation).
• Example of leaked user data by an external attack:
UCSD's Moores Cancer Center has notified around 30000 of its patients that their personal data, such as name, date of birth, medical number, and diagnosis and treatment dates, have been leaked since 2004. The cause was a hacker who compromised the central data server. (Sign on San Diego, 15 July 2009).
3. PROBLEM STATEMENT
This section presents the hardware features of the SPT. It then discusses the topics related to the security of PDSs, and lastly it addresses the problem associated with implementing the PDS approach.
Hardware features of SPTs: an SPT has a microcontroller that consists of a 32-bit RISC processor; memory modules consisting of read-only memory (ROM), static RAM (around 64 KB) and a small internal stable storage (around 1 MB of NOR Flash); and a security module that is responsible for tamper resistance. Moreover, the SPT's microcontroller is connected through a bus to a massive external storage (gigabytes of NAND Flash). Several interfaces allow SPTs to communicate with the outside world, such as USB 2.0, Bluetooth and 802.11.
PDS security: several factors help to make the PDS a trusted device, as follows:
• The PDS inherits the tamper resistance of the SPT, which makes hardware and side-channel attacks hard.
• The PDS core is basic software that contains an operating system, PDS generic tools and a database engine. ...