National Center for Supercomputing Applications Adam Slagell, Jun Wang and William Yurcik, National Center for Supercomputing Applications (NCSA) University.

Slides:



Advertisements
Similar presentations
I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.
Advertisements

Lecture 5: Cryptographic Hashes
Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Indexing and Hashing Basic Concepts Ordered Indices B+-Tree Index Files B-Tree.
Detectability of Traffic Anomalies in Two Adjacent Networks Augustin Soule, Haakon Ringberg, Fernando Silveira, Jennifer Rexford, Christophe Diot.
Cryptography and Network Security Chapter 3
Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.
Wireless and Switch Security NETS David Mitchell.
MonNet status Sven Tafvelin Chalmers. RouterDWDM Original configuration.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CS7380: Privacy Aware Computing Oblivious RAM 1. Motivation  Starting from software protection Prevent from software piracy A valid method is using hardware.
Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Outsourcing Security Analysis with Anonymized Logs Jianqing Zhang, Nikita Borisov, William Yurcik 2 nd International Workshop on the Value of Security.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme Jun Xu, Jinliang Fan, Mostafa Ammar,
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
ICS 454: Principles of Cryptography
Lecture 23 Symmetric Encryption
A Study in TCP/BGP Session Security
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
Circuit CAD Tools as a Security Threat University of Michigan † and Rice University ‡ June 9, 2008 Jarrod A. Roy †, Farinaz Koushanfar ‡ and Igor L. Markov.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.
Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.
Network Flow-Based Anomaly Detection of DDoS Attacks Vassilis Chatzigiannakis National Technical University of Athens, Greece TNC.
1 Video traffic optimization in mobile wireless environments using adaptive applications Phd Forum UBICOMM 2008 David Esteban.
The Steganographic File System Ross Anderson, Roger Needlham, Adi Shamir Presented by: Pan Meng Presented by: Pan Meng.
Protecting Users’ Privacy when Tracing Network Traffic Stefan Saroiu and Troy Ronda University of Toronto.
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms David Chaum CACM Vol. 24 No. 2 February 1981 Presented by: Adam Lee 1/24/2006 David.
A Privacy-Preserving Interdomain Audit Framework Adam J. Lee Parisa Tabriz Nikita Borisov University of Illinois, Urbana-Champaign WPES 2006.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign Developing a Comprehensive GENI Cyber Security Program Adam.
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
Chapter 20 Symmetric Encryption and Message Confidentiality.
NetFlow: Digging Flows Out of the Traffic Evandro de Souza ESnet ESnet Site Coordinating Committee Meeting Columbus/OH – July/2004.
CSE4213 Computer Networks II
Fall 2005Computer Networks20-1 Chapter 20. Network Layer Protocols: ARP, IPv4, ICMPv4, IPv6, and ICMPv ARP 20.2 IP 20.3 ICMP 20.4 IPv6.
Private Keyword Search on Streaming Data Rafail Ostrovsky William Skeith UCLA (patent pending)
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Modeling Worms: Two papers at Infocom 2003 Worms Programs that self propagate across the internet by exploiting the security flaws in widely used services.
Replay Compilation: Improving Debuggability of a Just-in Time Complier Presenter: Jun Tao.
Lecture 3 Page 1 Advanced Network Security Review of Cryptography Advanced Network Security Peter Reiher August, 2014.
Modes of Operation INSTRUCTOR: DANIA ALOMAR. Modes of Operation A block cipher can be used in various methods for data encryption and decryption; these.
Two New Online Ciphers Mridul Nandi National Institute of Standards and Technology, Gaithersburg, MD Indocrypt 2008, Kharagpur.
Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
Open-Eye Georgios Androulidakis National Technical University of Athens.
Packet-Marking Scheme for DDoS Attack Prevention
March 23 & 28, Csci 2111: Data and File Structures Week 10, Lectures 1 & 2 Hashing.
Lecture 23 Symmetric Encryption
The Devil and Packet Trace Anonymization Authors: Ruoming Pang, Mark Allman, Vern Paxson and Jason Lee Published: ACM SIGCOMM Computer Communication Review,
MM Clements Adding Value to IOS Configs. Introduction IOS configs need you to add information Basic IP and subnet mask Clock rates for serial links Routing.
Mapping Internet Sensor With Probe Response Attacks Authors: John Bethencourt, Jason Franklin, and Mary Vernon. University of Wisconsin, Madison. Usenix.
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms Zhichun Li 1, Lanjia Wang 2, Yan Chen 1 and Judy Fu 3 1 Lab.
Keyword search on encrypted data. Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance.
QoS measurements Sven Tafvelin Chalmers university of Technology Gothenburg, Sweden.
@Yuan Xue CS 285 Network Security Block Cipher Principle Fall 2012 Yuan Xue.
Chapter 22 Next Generation IP
The Devil and Packet Trace Anonymization
ICS 454: Principles of Cryptography
Balancing Risk and Utility in Flow Trace Anonymization
Padding Oracle Attacks
ICS 555: Block Ciphers & DES Sultan Almuhammadi.
Introduction to Network
Presentation transcript:

National Center for Supercomputing Applications Adam Slagell, Jun Wang and William Yurcik, National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign Network Log Anonymization: Application of Crypto-PAn to Cisco Netflows

National Center for Supercomputing Applications Share for – Security Research Create better detection tools and test them – Security Operations – Network Measurements Who says its important? – DHS with Information Sharing and Analysis Centers – National Strategy to Secure Cyberspace Why Netflows? Motivation for Sharing Logs

National Center for Supercomputing Applications IP Anonymization Techniques Black Marker Effect – Great information loss – Cannot correlate attacks against machine X Truncation – Finer grained control of information loss – Used for Source Report at ISC Origins of scans Random Permutations – Injective Mapping, a type of pseudonymization – Allows correlation but destroys structure

National Center for Supercomputing Applications Prefix-Preserving Anonymization Definition – Let P be a permutation of the set of IP addresses – P is a prefix-preserving anonymization function if and only if for all IP addresses x and y: x and y match on exactly the same length prefix as P(x) and P(y) Preserves subnet structures and relationships Structure can of course be exploited by attackers

National Center for Supercomputing Applications Prefix Preserving Tools Crypto-PAn – Key based solution TCPdpriv – Table based solution for TCPdump files Ip2anonip – A filter to anonymize IP addresses based off TCPdpriv Ipsumdump – Summarizes TCP/IP dumps – Optionally performs prefix-preserving anonymization based off TCPdpriv

National Center for Supercomputing Applications What We Have Done The problem: – Our visualization tools use netflows – We need students to work on these projects – Information is sensitive Subnet structure is vital to tools. Thus Crypto- PAn is ideal. No key generator in Crypto-Pan Created a pass-phrase based key generator without extra libraries

National Center for Supercomputing Applications Key Generator – Input passphrase (unechoed), max 256 bytes – Wrap till buffer filled – CBC encrypt with fixed key This combines data to create an intermediate key – Why can’t we just XOR blocks? Cannot stop here, processes is reversible – Use the intermediate key to re-encrypt the original buffer Take the last 32 bytes as the end key – Even without dropping 244 bytes, this is irreversible

National Center for Supercomputing Applications Performance Work on binary logs Avoids extra conversions On laptop still less than 20 minutes for 2 Gigabytes of flows MACHINE (GHz)Records/SecondTotal Time (min) Dual 2.4 Xeon Single 2.4 Xeon Pentium M

National Center for Supercomputing Applications Conclusions & Future Work Feasible solution for even large universities – Provides high utility, but lower security Many attacks on anonymization schemes – Inference attacks, chosen plaintext, structure exploitation Need new options to balance utility & security – Different levels of anonymization Means considering more fields – Different types of logs

National Center for Supercomputing Applications Thank You Links of Interest – – – – ptopan/ ptopan/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.