Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Data Privacy Management

International Workshop on Autonomous and Spontaneous Security

DPM 2010, SETOP 2010: Data Privacy Management and Autonomous Spontaneous Security pp 51–63Cite as

Secret-Sharing Hardware Improves the Privacy of Network Monitoring

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6514))

Abstract

Network service providers monitor the data flow to detect anomalies and malicious behavior in their networks. Network monitoring inspects the data flow over time and thus has to store packet data. Storing of data impedes the privacy of users. A radically new approach counteracts such privacy concerns by exploiting threshold cryptography. It encrypts all monitored traffic. The used symmetric keys are made available to monitoring entities only if they collect enough evidence of malicious behavior. This new approach overcomes weaknesses of packet anonymization. It calls for dedicated hardware that is able to encrypt packets and generate key-share information for gigabit networks. This article proves that the application of Shamir’s secret sharing scheme is possible. The presented hardware is able to protect up to 1.8 million packets per second. The creation of such a high-speed hardware required innovations on the algorithmic, the protocol, and on the architectural level. The outcome is a surprisingly small circuit that fits commercially available FPGA cards. It was tested under real-world conditions. It proved to protect the users’ privacy while monitoring gigabit networks.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. American National Standards Institute (ANSI). AMERICAN NATIONAL STANDARD X9.62-2005. Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm, ECDSA (2005)

    Google Scholar 

  2. Bianchi, G., Teofili, S., Pomposini, M.: New Directions in Privacy-Preserving Anomaly Detection for Network Traffic. In: Antonatos, S., Bezzi, M., Boschi, E., Trammell, B., Yurcik, W. (eds.) NDA, pp. 11–18. ACM, New York (2008)

    Chapter  Google Scholar 

  3. Broadcom. BCM5464SR Quad-Port Gigabit Copper Transceiver with Copper/Fiber Media Interface (2006), http://www.broadcom.com/products/Physical-Layer/Gigabit-Ethernet-PHYs/BCM5464SR

  4. Broder, A.Z., Mitzenmacher, M.: Network Applications of Bloom Filters: A Survey. Internet Mathematics 1(4) (2003)

    Google Scholar 

  5. Burkhart, M., Schatzmann, D., Trammell, B., Boschi, E., Plattner, B.: The Role of Network Trace Anonymization Under Attack. SIGCOMM Comput. Commun. Rev. 40(1), 5–11 (2010)

    Article  Google Scholar 

  6. EU Article 29 Data Protection Working Party. Opinion on the Concept of Personal Data (01248/07/EN WP 136) (April 2007)

    Google Scholar 

  7. Frankel, S., Glenn, R., Kelly, S.: RFC 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec. RFC 3602 (Proposed Standard) (September 2003)

    Google Scholar 

  8. Harn, L., Lin, C.: Detection and Identification of Cheaters in (t, n) Secret Sharing Scheme. Designs, Codes and Cryptography 52, 15–24 (2009), doi:10.1007/s10623-008-9265-8

    Article  MathSciNet  MATH  Google Scholar 

  9. Hoffman, P.: RFC 3664: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol, IKE (2004)

    Google Scholar 

  10. Hoffman, P.: RFC 4308: Cryptographic Suites for IPsec. RFC 4308 (Proposed Standard) (December 2005)

    Google Scholar 

  11. Lemsitzer, S., Wolkerstorfer, J., Felber, N., Braendli, M.: Multi-gigabit GCM-AES Architecture Optimized for FPGAs. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 227–238. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  12. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. Series on Discrete Mathematics and its Applications. CRC Press, Boca Raton (1997) ISBN 0-8493-8523-7, http://www.cacr.math.uwaterloo.ca/hac/

    MATH  Google Scholar 

  13. Pang, R., Allman, M., Paxson, V., Lee, J.: The Devil and Packet Trace Anonymization. SIGCOMM Comput. Commun. Rev. 36(1), 29–38 (2006)

    Article  Google Scholar 

  14. Shamir, A.: How to Share a Secret. Communications of the ACM 22(11), 612–613 (1979)

    Article  MathSciNet  MATH  Google Scholar 

  15. Song, H., Sproull, T.S., Attig, M., Lockwood, J.W.: Snort Offloader: A Reconfigurable Hardware NIDS Filter. In: Rissa, T., Wilton, S.J.E., Leong, P.H.W. (eds.) FPL, pp. 493–498. IEEE, Los Alamitos (2005)

    Google Scholar 

  16. Stanford University. NetFPGA Project. NetFPGA (2009), http://netfpga.org/

  17. Wolkerstorfer, J., Szekely, A., Lorünser, T.: IPsec Security Gateway for Gigabit Ethernet. In: Ostermann, T. (ed.) Austrochip 2008 – Proceedings of the 16th Austrian Workshop on Microelectronics (October 2008)

    Google Scholar 

  18. Xilinx Corporation. Virtex-II Pro and Virtex-II Pro X Platform FPGAs: Complete Data Sheet (2007), http://www.xilinx.com/support/documentation/virtex-ii_pro_data_sheets.htm

Download references

Author information

Authors and Affiliations

  1. Telecommunications Research Center Vienna (FTW), Donau-City-Strasse 1, 1220, Vienna, Austria

    Johannes Wolkerstorfer

Authors
  1. Johannes Wolkerstorfer
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. IT/TELECOM Bretagne, Campus de Rennes, 2 Rue de la Châtaigneraie, 35512, Cesson Sévigné, Cedex, France

    Joaquin Garcia-Alfaro

  2. IIIA-CSIC, Campus UAB, 08193, Bellaterra, Spain

    Guillermo Navarro-Arribas

  3. IT/TELECOM SudParis, 9 Rue Charles Fourier, 91011, Evry Cedex, France

    Ana Cavalli

  4. IT/TELECOM ParisTech, 46 Rue Barrault, 75634, Paris Cedex 13, France

    Jean Leneutre

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wolkerstorfer, J. (2011). Secret-Sharing Hardware Improves the Privacy of Network Monitoring. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2010 2010. Lecture Notes in Computer Science, vol 6514. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19348-4_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-19348-4_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19347-7

  • Online ISBN: 978-3-642-19348-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation