Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Privacy-Preserving Interdomain Audit Framework Adam J. Lee Parisa Tabriz Nikita Borisov University of Illinois, Urbana-Champaign WPES 2006.

Published byDorothy Barber Modified over 9 years ago

Similar presentations

Presentation on theme: "A Privacy-Preserving Interdomain Audit Framework Adam J. Lee Parisa Tabriz Nikita Borisov University of Illinois, Urbana-Champaign WPES 2006."— Presentation transcript:

1 A Privacy-Preserving Interdomain Audit Framework Adam J. Lee Parisa Tabriz Nikita Borisov University of Illinois, Urbana-Champaign WPES 2006

2 Security Auditing Necessary for the maintenance of secure and robust systems Logs contain sensitive information Often performed centrally within one organization

3 Motivation for Distributed Audit Coordinated attacks are a growing threat [1] –Correlated network reconnaissance –Application-level abuses But there is still that whole privacy thing… [1] S. Katti, B. Krishnamurthy, and D. Katabi. Collaborating Against Common Enemies. Internet Measurement Conference, 2005. Privacy- Preserving Now we can… Detect coordinated attacks Avoid single point of failure Analyze data otherwise protected under privacy legislation

4 Practical Scenarios Virtual Organizations Grid Computing Research Labs Organizations with multiple sites Raw Logs Anonymized Logs Privacy Policy Spectrum This work

5 Plan of Action… 1.System Architecture 2.Threat Model 3.Log Obfuscation Techniques 4.Implementation and Evaluation 5.Discussion and Future Work

6 System Architecture Audit Group Auditor Organization Alert !

7 Threat Model The Organizations… –Keep secrets secret –May try to probe other organizations The Auditor… –An “honest, but curious” adversary –Probabilistic guarantees against a Byzantine adversary

8 Data Formats Identifiers (ie. DEBUG, WARN) Numbers (ie. 80, 3.14) Trees (ie. 192.168.0.1) Partially Ordered Sets (ie. RBAC systems) Lists (ie. Packet header fields)

9 Obfuscation Levels Full Disclosure Local Exact Match Portion Dropping Local Prefix Match Local Greater-Than Basic Numeric Transformations Local Blinded Arithmetic Complete Obfuscation

10 Local Exact Match Suppose we want an auditor to verify if some message value of a log matches, but not leak any information about the value of that field… Use a keyed-hash MAC to obfuscate value –Can only recover original data by brute force search in space of possible values Warn Error Debug ErrorWarn

11 Local Prefix Match Suppose we are only interested in certain IP address subnets matching in a log field… Use the keyed-hash MAC construction on each “portion” of a hierarchical log field. –Compared to other prefix-preserving schemes, can be done in one pass 19216801 192 168 0 10 2 31

12 Local Greater-Than Suppose we want to know if some user belongs to a group role in a system… Represent a transformed poset as a bloom filter to test set membership Student User Staff GraduateUndergrad Student User Staff GraduateUndergrad

13 Local Blinded Summation Suppose we want to provide daily summary reports on intrusions and alerts to all audit members without leaking information about actual statistics. Use homomorphic encryption –Given the complexity of homomorphic computation, appropriate for batched processing 505134639 +=

14 Analysis Engine A Basic Implementation IDS Logs Application Logs Traffic Logs GLO Alert Manager OrganizationAuditor Alert !

15 Evaluation On a standard computer… –P4 2.5GHz Processor, 512M RAM, Linux, blah, blah The processing rates are reasonable… –NCSA IDS rates: ~30 records/second –GLO Fastest: Complete obfuscation on a number, poset, identifier is ~20,000 records/second. Slowest: Prefix-preserving match on a tree is ~7,000 records/second A typical network log is processed fast enough… –A log similar to tcpdump processes at ~3,500 records/second

16 Catching Liars and Cheaters How do we assure the auditor is running the correct software? Trusted computing platforms How can we detect false or incomplete alarms? Sign logs to verify alerts Plant fake log sequences How do we detect probing organizations? Define rules to detect gaming

17 Information Disclosure Fields in logs are often related Common knowledge can circumvent obfuscation (the crowd boos) Choose data fields to be reported carefully Consider functional dependencies

18 Future Work Combating information leakage Standard log conversion and optimized obfuscation Investigation into distributed attack detection Key management protocol for audit group

19 Cliff’s Notes Architecture and obfuscation methods for privacy-preserving distributed audit An encouraging evaluation of obfuscation techniques Some challenges and incentive for further research Questio ns?

Download ppt "A Privacy-Preserving Interdomain Audit Framework Adam J. Lee Parisa Tabriz Nikita Borisov University of Illinois, Urbana-Champaign WPES 2006."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar(96608205043) C.Karthik(96608205022) H.Sheik mohideen(96608205046) S.Lakshmi rajan(96608205023)

Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Outsourcing Security Analysis with Anonymized Logs Jianqing Zhang, Nikita Borisov, William Yurcik 2 nd International Workshop on the Value of Security.

Outsourcing Security Analysis with Anonymized Logs Jianqing Zhang, Nikita Borisov, William Yurcik 2 nd International Workshop on the Value of Security.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Privacy-Preserving Cross-Domain Network Reachability Quantification

Privacy-Preserving Cross-Domain Network Reachability Quantification
National Center for Supercomputing Applications Adam Slagell, Jun Wang and William Yurcik, National Center for Supercomputing Applications (NCSA) University.

National Center for Supercomputing Applications Adam Slagell, Jun Wang and William Yurcik, National Center for Supercomputing Applications (NCSA) University.
Collaborating Against Common Enemies Sachin Katti Balachander Krishnamurthy and Dina Katabi AT&T Labs-Research & MIT CSAIL.

Collaborating Against Common Enemies Sachin Katti Balachander Krishnamurthy and Dina Katabi AT&T Labs-Research & MIT CSAIL.

Similar presentations

Ads by Google