1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai.

2 Role of Applied Crypto
 Introduce new capabilities
 Address needs of Data + Traffic Privacy
[Figure: two overlapping circles, "Crypto Tools" and "CyberTA problems"; their intersection is labelled "Data Privacy Crypto"]

3 An Alert Detection System
[Figure: "Data Generation" feeding into "Alert Analysis"]

4 NetFlow Logs
 Record TCP flows
 Search for exfiltration, …
 Ignore non-alert entries
Log fields: SRC IP | SPORT | DST IP | DPORT | PACKETS | BYTES | SECS

5 NetFlow Logs
Log fields: SRC IP | SPORT | DST IP | DPORT | PACKETS | BYTES | SECS
[Figure: one flow record annotated as the exfiltration case: SRC IP is a classified system, DST IP is a Chinese IP, BYTES is a large amount of data]

6 System Goals
 Analyze abnormal events
 Minimal disclosure
 Simple data generation
 Flexible searching rules

7 Available Options
 Completely trust the data collector: violates minimal disclosure
 Push policy to the data generators: hurts simplicity and flexibility (every policy change must reach every generator)
 Conclusion => need a new mechanism

8 Identity-Based Encryption (IBE)
IBE [BF'01]: a public key encryption scheme where the public key is an arbitrary string (ID).
 Examples: a user's e-mail address, the current date, …
[Figure: the sender encrypts using the public key ID; the recipient proves "I am ID" to the CA/PKG, which holds the master-key and issues the private key for ID]

9 Limitations of IBE
 Lack of expressivity: an identity is just a string
 Need to encrypt with structure: the structure reflects the application, and policy is built on top of it

10 Attribute-Based Encryption (ABE)
 Attributes describe data
 Keys identified with policies
[Figure: data is encrypted under the public key and labelled with attributes (To: Bob, Subj: CyberTA, Priority: Urgent); the CA/PKG holds the master-key and issues a private key for the policy "Priority = Urgent AND Subj = CyberTA"]

11 ABE Features
 Encryption labels data with attributes: simple, application aware
 Authority gives out policy keys: expressive, late-binding

12 ABE on NetFlow Logs
 Each category is simply an attribute
 Make keys for exfiltration, etc.
 Example policy: (SRC_IP = Top Secret) OR (bytes > 100KB AND DestIP = Foreign)
Log fields: SRC IP | SPORT | DST IP | DPORT | PACKETS | BYTES | SECS

13 An Alert Detection System
[Figure: "Data Generation" sends ABE-encrypted data to "Alert Analysis"; an "Authority" issues ABE keys to Alert Analysis]

14 Progress
 Developed ABE crypto system
 Delegation
 Efficiency improvements

15 Challenges Ahead
 Build a "Blinded IDS"
 Make an intermediate language, e.g. how to express numbers as attributes
 Combine application-domain knowledge and crypto
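The access-structure side of slides 12 and 15, as an added example that is not code from the talk or from any ABE library: a key-policy ABE model in Python in which the data generator labels each NetFlow record with attributes, the exfiltration policy from slide 12 is a key policy, and a numeric field such as BYTES is expressed as attributes with the bag-of-bits encoding (one attribute per bit, with "bytes > K" compiled to an OR of ANDs over those bit attributes). It models only which key policies would decrypt which records; the pairing-based encryption and key issuance are not implemented. The host-classification table, the GeoIP stand-in, the 32-bit field width, the reading of 100KB as 102400 bytes and the sample flows are all constructed assumptions.

```python
# Added example: key-policy ABE access structures over NetFlow attributes.
# Models only the decision "does a key policy match a record's attributes";
# the pairing-based encryption and key issuance are NOT implemented here.
from dataclasses import dataclass

NUM_BITS = 32  # assumed width for numeric fields (packets, bytes, secs)


@dataclass
class Flow:
    """One NetFlow record with the fields from the slides."""
    src_ip: str
    sport: int
    dst_ip: str
    dport: int
    packets: int
    bytes: int
    secs: int


# Constructed lookups standing in for a host-classification inventory and a GeoIP feed.
HOST_CLASS = {"10.1.1.5": "TopSecret", "10.2.2.9": "Unclassified"}


def geo(ip):
    return "Internal" if ip.startswith("10.") else "Foreign"


def numeric_attributes(name, value, nbits=NUM_BITS):
    """Bag-of-bits encoding: one attribute per bit position, e.g. 'bytes:b17=1'."""
    return {f"{name}:b{i}={(value >> i) & 1}" for i in range(nbits)}


def greater_than(name, k, nbits=NUM_BITS):
    """Compile 'name > k' into an OR of ANDs over bit attributes.
    value > k iff some bit i is 1 in value and 0 in k, with every higher
    bit of value equal to the corresponding bit of k."""
    clauses = []
    for i in range(nbits):
        if (k >> i) & 1 == 0:
            conj = [f"{name}:b{i}=1"]
            conj += [f"{name}:b{j}={(k >> j) & 1}" for j in range(i + 1, nbits)]
            clauses.append(("AND", conj))
    return ("OR", clauses)


def flow_attributes(f):
    """Data-generator side: label a record with attributes (slide 12)."""
    attrs = {
        f"src_class={HOST_CLASS.get(f.src_ip, 'Unclassified')}",
        f"dst_geo={geo(f.dst_ip)}",
        f"dport={f.dport}",
    }
    attrs |= numeric_attributes("bytes", f.bytes)
    attrs |= numeric_attributes("packets", f.packets)
    return attrs


def satisfies(policy, attrs):
    """Evaluate a policy tree: a leaf is an attribute string, a node is (op, children)."""
    if isinstance(policy, str):
        return policy in attrs
    op, children = policy
    results = [satisfies(c, attrs) for c in children]
    return all(results) if op == "AND" else any(results)


# The exfiltration policy from slide 12; the 100KB threshold is taken as 102400 bytes.
EXFIL_POLICY = ("OR", [
    "src_class=TopSecret",
    ("AND", ["dst_geo=Foreign", greater_than("bytes", 100 * 1024)]),
])


def alerts(flows, policy=EXFIL_POLICY):
    """Analysis side: a key for `policy` would decrypt exactly these records."""
    return [f for f in flows if satisfies(policy, flow_attributes(f))]


# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("10.1.1.5", 40001, "10.1.1.7", 445, 12, 500, 1),           # classified source
    Flow("10.2.2.9", 40002, "203.0.113.10", 443, 300, 250000, 20),  # large transfer abroad
    Flow("10.2.2.9", 40003, "203.0.113.10", 443, 4, 1024, 1),       # small transfer abroad
    Flow("10.2.2.9", 40004, "10.1.1.7", 22, 300, 250000, 20),       # large transfer, internal
]

if __name__ == "__main__":
    for f in alerts(SAMPLE_FLOWS):
        print("ALERT", f)
```

Only the first two sample flows satisfy the policy, so an analyst holding the exfiltration key would decrypt those two records and nothing else; the bit-attribute compilation is what lets a numeric threshold sit inside an ABE policy without the generator knowing the threshold in advance.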

16 THE END