Privacy-Preserving Distributed Network Troubleshooting
Metadata only
Author
Date
2010-10
Type
- Presentation
ETH Bibliographie
yes
Altmetrics
Abstract
Today, there is a fundamental imbalance in cyber security. While attackers act in an increasingly global and coordinated manner, e.g., by using botnets, their counterparts trying to manage and defend networks are limited to examining local information only. While collaboration across network boundaries would substantially strengthen network defense and facilitate network management tasks in general, privacy concerns largely prevent collaborative approaches. To overcome this barrier, we apply secure multiparty computation (MPC) to the problem of aggregating network data from multiple domains. MPC is a cryptographic framework that allows a set of parties to evaluate functions on distributed data without leaking their local input data. However, although MPC has been studied extensively for almost 30 years, building solutions that are practical in terms of computation and communication costs is still a major challenge, especially when the input data is very voluminous, as in our scenarios. Therefore, we first optimize MPC comparison operations for processing high-volume data in near real-time. The key observation is that the required CPU and bandwidth resources can be reduced significantly by not requiring protocols to run in a constant number of synchronization rounds. With the performance of parallel execution in mind, we implement a complete set of basic MPC primitives in the SEPIA library. For parallel invocations, SEPIA's basic operations are between 35 and several hundred times faster than those of existing MPC frameworks. Using the SEPIA library, we then design and implement a number of privacy-preserving protocols for aggregating network statistics, such as time series, histograms, entropy values, and distinct item counts. In addition, we devise generic protocols for distributed event correlation and top-k reports. We extensively evaluate the performance of these protocols and show that they run in near real-time.
Finally, we apply these protocols to real traffic data from 17 customers of the SWITCH network. We show how these protocols enable the collaborative monitoring of network state as well as the detection and analysis of distributed anomalies, without leaking sensitive local information.
Publication status
published
Organisational unit
03234 - Plattner, Bernhard (emeritus) / Plattner, Bernhard (emeritus)
Notes
Lecture TU Wien on 8 October 2010.