Abstract
Today, there is a fundamental imbalance in cybersecurity. While attackers act more and more globally and coordinated, network defense is limited to examine local information only due to privacy concerns. To overcome this privacy barrier, we use secure multiparty computation (MPC) for the problem of aggregating network data from multiple domains. We first optimize MPC comparison operations for processing high volume data in near real-time by not enforcing protocols to run in a constant number of synchronization rounds. We then implement a complete set of basic MPC primitives in the SEPIA library. For parallel invocations, SEPIA's basic operations are between 35 and several hundred times faster than those of comparable MPC frameworks. Using these operations, we develop four protocols tailored for distributed network monitoring and security applications: the entropy, distinct count, event correlation, and top-k protocols. Extensive evaluation shows that the protocols are suitable for near real-time data aggregation. For example, our top-k protocol PPTKS accurately aggregates counts for 180,000 distributed IP addresses in only a few minutes. Finally, we use SEPIA with real traffic data from 17 customers of a backbone network to collaboratively detect, analyze, and mitigate distributed anomalies. Our work follows a path starting from theory, going to system design, performance evaluation, and ending with measurement. Along this way, it makes a first effort to bridge two very disparate worlds: MPC theory and network monitoring and security practices.
- Aggarval, G., Mishra, N., and Pinkas, B. 2004. Secure Computation of the kth-Ranked Element. In Proceedings of the EUROCRYPT.Google Scholar
- Akbarinia, R., Pacitti, E., and Valduriez, P. 2007. Best position algorithms for top-k queries. In Proceedings of the International Conference on Very Large Data Bases (VLDB). Google Scholar
Digital Library
- Applebaum, B., Ringberg, H., Freedman, M. J., Caesar, M., and Rexford, J. 2010. Collaborative, privacy-preserving data aggregation at scale. In Proceedings of the Privacy Enhancing Technologies Symposium (PETS). Google Scholar
Digital Library
- Babcock, B. and Olston, C. 2003. Distributed top-k monitoring. In Proceedings of the ACM SIGMOD International Conference on Management of Data. Google Scholar
Digital Library
- Bar-Ilan, J. and Beaver, D. 1989. Non-cryptographic fault-tolerant computing in constant number of rounds of interaction. In Proceedings of the ACM Symposium on Principles of Distributed Computing (PODC). Google Scholar
Digital Library
- Beaver, D., Micali, S., and Rogaway, P. 1990. The round complexity of secure protocols. In Proceedings of the ACM Symposium on Theory of Computing (STOC). Google Scholar
Digital Library
- Ben-David, A., Nisan, N., and Pinkas, B. 2008. FairplayMP: a system for secure multi-party computation. In Proceedings of the Conference on Computer and Communications Security (CCS). Google Scholar
Digital Library
- Ben-Or, M., Goldwasser, S., and Wigderson, A. 1988. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the ACM Symposium on Theory of Computing (STOC). Google Scholar
Digital Library
- Bethencourt, J., Franklin, J., and Vernon, M. 2005. Mapping internet sensors with probe response attacks. In Proceedings of the 14th USENIX Security Symposium. Google Scholar
Digital Library
- Bogdanov, D., Laur, S., and Willemson, J. 2008. Sharemind: A Framework for Fast Privacy-Preserving Computations. In Proceedings of the European Symposium on Research in Computer Security (ESORICS). Google Scholar
Digital Library
- Bogetoft, P., Christensen, D., DamgÅrd, I., Geisler, M., Jakobsen, T., Krøigaard, M., Nielsen, J., Nielsen, J., Nielsen, K., Pagter, J., et al. 2009. Secure multiparty computation goes live. In Proceedings of the Financial Cryptography Association. Google Scholar
Digital Library
- Brauckhoff, D., Dimitropoulos, X., Wagner, A., and Salamatian, K. 2009a. Anomaly extraction in backbone networks using association rules. In Proceedings of the Internet Measurement Conference (IMC). Google Scholar
Digital Library
- Brauckhoff, D., Salamatian, K., and May, M. 2009b. Applying PCA for Traffic Anomaly Detection: Problems and Solutions. In Proceedings of INFOCOM.Google Scholar
- Burkhart, M. and Dimitropoulos, X. 2010. Fast privacy-preserving top-k queries using secret sharing. In Proceedings of the International Conference on Computer Communications and Networks (ICCCN).Google Scholar
- Burkhart, M., Strasser, M., Many, D., and Dimitropoulos, X. 2010. SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics. In Proceedings of the 19th USENIX Security Symposium. Google Scholar
Digital Library
- Canetti, R. 2001. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the IEEE Symposium on Foundations of Computer Science (FOCS). Google Scholar
Digital Library
- Chang, K. and Hwang, S. 2002. Minimal probing: Supporting expensive predicates for top-k queries. In Proceedings of the ACM SIGMOD International Conference on Management of Data. Google Scholar
Digital Library
- Chow, S. S. M., Lee, J.-H., and Subramanian, L. 2009. Two-party computation model for privacy-preserving queries over distributed databases. In Proceedings of the Network and Distributed Systems Society Symposium (NDSS). The Internet Society.Google Scholar
- DamgÅrd, I., Fitzi, M., Kiltz, E., Nielsen, J., and Toft, T. 2006. Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In Proceedings of the Theory of Cryptography Conference (TCC). Google Scholar
Digital Library
- DamgÅrd, I., Geisler, M., Krøigaard, M., and Nielsen, J. 2009. Asynchronous multiparty computation: Theory and implementation. In Proceedings of the Conference on Practice and Theory in Public Key Cryptography (PKC). Google Scholar
Digital Library
- DamgÅrd, I., Meldgaard, S., and Nielsen, J. B. 2011. Perfectly Secure Oblivious RAM Without Random Oracles. In Proceedings of the Theory of Cryptography Conference (TCC). Google Scholar
Digital Library
- Duan, Y. 2009. Differential privacy for sum queries without external noise. In Proceedings of the ACM Conference on Information and Knowledge Management (CIKM).Google Scholar
- Dwork, C. 2008. Differential privacy: A survey of results. In Proceedings of the Conference on Theory and Applications of Models of Computation (TAMC). Google Scholar
Digital Library
- Fagin, R. 1996. Combining fuzzy information from multiple systems. In Proceedings of the ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems. Google Scholar
Digital Library
- Fagin, R., Lotem, A., and Naor, M. 2001. Optimal aggregation algorithms for middleware. In Proceedings of the ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS). Google Scholar
Digital Library
- Freedman, M. J., Nissim, K., and Pinkas, B. 2004. Efficient private matching and set intersection. In Proceedings of the EUROCRYPT. Lecture Notes in Computer Science, vol. 3027, Springer Berlin, 1--19.Google Scholar
- Gennaro, R., Ishai, Y., Kushilevitz, E., and Rabin, T. 2002. On 2-round secure multiparty computation. In Proceedings of CRYPTO. Google Scholar
Digital Library
- Gennaro, R., Rabin, M., and Rabin, T. 1998. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In Proceedings of the 7th Annual ACM Symposium on Principles of Distributed Computing (PODC). Google Scholar
Digital Library
- Goldreich, O., Micali, S., and Wigderson, A. 1987. How to play any mental game. In Proceedings of the ACM Symposium on the Theory of Computing (STOC). Google Scholar
Digital Library
- Lakhina, A., Crovella, M., and Diot, C. 2005. Mining anomalies using traffic feature distributions. In Proceedings of the ACM SIGCOMM Data Communications Festival. Google Scholar
Digital Library
- Lee, A. J., Tabriz, P., and Borisov, N. 2006. A privacy-preserving interdomain audit framework. In Proceedings of the Workshop on Privacy in Electronic Society (WPES). Google Scholar
Digital Library
- Li, X., Bian, F., Crovella, M., Diot, C., Govindan, R., Iannaccone, G., and Lakhina, A. 2006. Detection and identification of network anomalies using sketch subspaces. In Proceedings of the Internet Measurement Conference (IMC). Google Scholar
Digital Library
- Lincoln, P., Porras, P., and Shmatikov, V. 2004. Privacy-preserving sharing and correlation of security alerts. In Proceedings of the 13th USENIX Security Symposium. Google Scholar
Digital Library
- Machiraju, S. and Katz, R. H. 2004. Verifying global invariants in multi-provider distributed systems. In Proceedings of the SIGCOMM Workshop on Hot Topics in Networking (HotNets). ACM.Google Scholar
- Marian, A., Bruno, N., and Gravano, L. 2004. Evaluating top-k queries over web-accessible databases. ACM Trans. Datab. Syst. 29, 2, 319--362. Google Scholar
Digital Library
- McSherry, F. and Mahajan, R. 2010. Differentially-private network trace analysis. In Proceedings of the ACM SIGCOMM Data Communications Festival. Google Scholar
Digital Library
- Nishide, T. and Ohta, K. 2007. Multiparty computation for interval, equality, and comparison without bit-decomposition protocol. In Proceedings of the Conference on Theory and Practice of Public Key Cryptography (PKC). Google Scholar
Digital Library
- Parekh, J. J., Wang, K., and Stolfo, S. J. 2006. Privacy-preserving payload-based correlation for accurate malicious traffic detection. In Proceedings of the ACM Workshop on Large-Scale Attack Defense (LSAD). Google Scholar
Digital Library
- Ranjan, S., Shah, S., Nucci, A., Munafò, M. M., Cruz, R. L., and Muthukrishnan, S. M. 2007. Dowitcher: Effective worm detection and containment in the internet core. In Proceedings of INFOCOM.Google Scholar
- Ringberg, H. 2009. Privacy-preserving collaborative anomaly detection. Ph.D. thesis, Princeton University. Google Scholar
Digital Library
- Rossi, D., Mellia, M., and Meo, M. 2009. Understanding Skype signaling. Comput. Netw. 53, 2, 130--140. Google Scholar
Digital Library
- Roughan, M. and Zhang, Y. 2006a. Privacy-preserving performance measurements. In Proceedings of the SIGCOMM Workshop on Mining Network Data (MineNet). Google Scholar
Digital Library
- Roughan, M. and Zhang, Y. 2006b. Secure distributed data-mining and its application to large-scale network measurements. Comput. Comm. Rev. 36, 1, 7--14. Google Scholar
Digital Library
- Sang, Y., Shen, H., Tan, Y., and Xiong, N. 2006. Efficient protocols for privacy preserving matching against distributed datasets. In Proceedings of the Conference on Information and Communications Security (ICICS). Google Scholar
Digital Library
- Shamir, A. 1979. How to share a secret. Comm. ACM 22, 11, 612--613. Google Scholar
Digital Library
- Shmatikov, V. and Wang, M. 2007. Security against probe-response attacks in collaborative intrusion detection. In Proceedings of the ACM Workshop on Large-scale Attack Defense (LSAD). Google Scholar
Digital Library
- Stolfo, S. J. 2004. Worm and attack early warning. IEEE Secur. Priv. 2, 3, 73--75. Google Scholar
Digital Library
- SWITCH. The Swiss education and research network. http://www.switch.ch.Google Scholar
- Tariq, M. B., Motiwala, M., Feamster, N., and Ammar, M. 2009. Detecting network neutrality violations with causal inference. In Proceedings of the Conference on Emerging Networking Experiments and Technologies (CoNEXT). Google Scholar
Digital Library
- Tellenbach, B., Burkhart, M., Schatzmann, D., Gugelmann, D., and Sornette, D. 2011. Accurate network anomaly classification with generalized entropy metrics. Comput. Netw. 55, 15, 3485--3502. Google Scholar
Digital Library
- Vaidya, J. and Clifton, C. 2005. Privacy-preserving top-k queries. In Proceedings of the IEEE International Conference on Data Engineering (ICDE). Google Scholar
Digital Library
- Vaidya, J. and Clifton, C. 2009. Privacy-preserving kth element score over vertically partitioned data. IEEE Trans. Knowl. Data 21, 2, 253--258. Google Scholar
Digital Library
- Xiong, L., Chitti, S., and Liu, L. 2005. Topk queries across multiple private databases. In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS). Google Scholar
Digital Library
- Yao, A. 1982. Protocols for secure computations. In Proceedings of the IEEE Symposium on Foundations of Computer Science. Google Scholar
Digital Library
- Yegneswaran, V., Barford, P., and Jha, S. 2004. Global intrusion detection in the DOMINO overlay system. In Proceedings of the Network and Distributed System Security Symposium (NDSS).Google Scholar
Index Terms
Privacy-preserving distributed network troubleshooting—bridging the gap between theory and practice
Recommendations
Privacy-preserving data mining in the malicious model
Most of the cryptographic work in privacy-preserving distributed data mining deals with semi-honest adversaries, which are assumed to follow the prescribed protocol but try to infer private information using the messages they receive during the ...
Unconditionally secure disjointness tests for private datasets
We present two unconditional secure protocols for private set disjointness tests. In order to provide intuition of our protocols, we give a naive example that applies Sylvester matrices. Unfortunately, this simple construction is insecure as it reveals ...
On the Communication Efficiency of Statistically Secure Asynchronous MPC with Optimal Resilience
AbstractSecure multi-party computation (MPC) is a fundamental problem in secure distributed computing. An MPC protocol allows a set of n mutually distrusting parties with private inputs to securely compute any publicly known function of their inputs, by ...






Comments