Privacy-Preserving Distributed Network Troubleshooting
Today, there is a fundamental imbalance in cyber security. While attackers act more and more globally and coordinated, e.g., by using botnets, their counterparts trying to manage and defend networks are limited to examine local information only. While collaboration across network boundaries would substantially strengthen network defense and facilitate network management tasks in general, privacy concerns largely prevent collaborative approaches. To overcome this barrier, we apply secure multiparty computation (MPC) to the problem of aggregating network data from multiple domains. MPC is a cryptographic framework, which allows a set of parties to evaluate functions on distributed data, without leaking local input data. However, although MPC has been studied substantially for almost 30 years, building solutions that are practical in terms of computation and communication costs is still a major challenge, especially if input data is very voluminous as in our scenarios. Therefore, we first optimize MPC comparison operations for processing high volume data in near real-time. The key observation is that required CPU and bandwidth resources can be reduced significantly by not enforcing protocols to run in a constant number of synchronization rounds. With performance of parallel execution in mind, we implement a complete set of basic MPC primitives in the SEPIA library. For parallel invocations, SEPIA's basic operations are between 35 and several hundred times faster than those of existing MPC frameworks. Using the SEPIA library, we then design and implement a number of privacy-preserving protocols for aggregating network statistics, such as timeseries, histograms, entropy values, and distinct item counts. In addition, we devise generic protocols for distributed event correlation and top-k reports. We extensively evaluate the performance of these protocols and show that they run in near real-time. Finally, we apply these protocols to real traffic data from 17 customers of the SWITCH network. We show how these protocols enable the collaborative monitoring of network state as well as the detection and analysis of distributed anomalies, without leaking sensitive local information Show more
External linksSearch via SFX
Organisational unit03234 - Plattner, Bernhard (emeritus)
NotesLecture TU Wien on 8 October 2010.
MoreShow all metadata