Privacy-preserving distributed network troubleshooting—bridging the gap between theory and practice

Published: 26 December 2008

Abstract

Today, there is a fundamental imbalance in cybersecurity. While attackers act more and more globally and in a coordinated manner, network defense is limited to examining only local information due to privacy concerns. To overcome this privacy barrier, we use secure multiparty computation (MPC) for the problem of aggregating network data from multiple domains. We first optimize MPC comparison operations for processing high-volume data in near real-time by not requiring protocols to run in a constant number of synchronization rounds. We then implement a complete set of basic MPC primitives in the SEPIA library. For parallel invocations, SEPIA's basic operations are between 35 and several hundred times faster than those of comparable MPC frameworks. Using these operations, we develop four protocols tailored for distributed network monitoring and security applications: the entropy, distinct count, event correlation, and top-k protocols. Extensive evaluation shows that the protocols are suitable for near real-time data aggregation. For example, our top-k protocol PPTKS accurately aggregates counts for 180,000 distributed IP addresses in only a few minutes. Finally, we use SEPIA with real traffic data from 17 customers of a backbone network to collaboratively detect, analyze, and mitigate distributed anomalies. Our work follows a path starting from theory, going to system design, performance evaluation, and ending with measurement. Along the way, it makes a first effort to bridge two very disparate worlds: MPC theory and network monitoring and security practices.

Published In

ACM Transactions on Information and System Security  Volume 14, Issue 4
December 2011
138 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/2043628

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Accepted: 01 July 2011
Revised: 01 March 2011
Received: 01 October 2010
Published: 26 December 2008
Published in TISSEC Volume 14, Issue 4

Author Tags

  1. Applied cryptography
  2. aggregation
  3. anomaly detection
  4. collaborative network security
  5. network management
  6. root-cause analysis
  7. secure multiparty computation

Qualifiers

  • Research-article
  • Research
  • Refereed
