Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai.

Published byElisabeth Fitzgerald Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai."— Presentation transcript:

1 1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai

2 2 Role of Applied Crypto  Introduce new capabilities  Address needs of Data + Traffic Privacy Crypto Data Privacy Crypto Tools CyberTA problems

3 3 An Alert Detection System Data Generation Alert Analysis

4 4 NetFlow Logs  Record TCP Flows  Search for exfiltration,…  Ignore non-alert entries SRC IP SPORT DST IP DPORT PACKETS BYTES SECS --------------------------------------------------------------------------------- 131.252.120.0 33587 130.14.24.0 80 2 1002 1 130.39.136.0 4038 137.104.72.0 49662 479 127993 54 157.182.144.0 1138 65.54.128.0 80 3 88 1

5 5 NetFlow Logs SRC IP SPORT DST IP DPORT PACKETS BYTES SECS --------------------------------------------------------------------------------- 131.252.120.0 33587 130.14.24.0 80 2 1002 1 130.39.136.0 4038 137.104.72.0 49662 479 127993 54 157.182.144.0 1138 65.54.128.0 80 3 88 1 Classified system Chinese IPLarge Data

6 6 System Goals  Analyze Abnormal Events  Minimal Disclosure  Simple Data Generation  Flexible Searching Rules

7 7 Available Options  Completely Trust Data Collector Violates Minimal Disclosure  Push Policy to Data Generators Simplicity Flexibility, Policy Changes  Conclusion => Need new Mechanism

8 8 Identity-Based Encryption (IBE) IBE: [BF’01] Public key encryption scheme where public key is an arbitrary string ( ID ).  Examples: user’s e-mail address, current-date, … email encrypted using public key: “bob@stanford.edu” master-key CA/PKG I am “bob@stanford.edu” Private key

9 9 Limitations of IBE  Lack of Expressivity Just a string  Require Encrypting with Structure Reflects Application Build Policy

10 10 Attribute-Based Encryption (ABE) email encrypted using public key: master-key CA/PKG Priority= Urgent AND Subj = CyberTA Private key  Attributes Describe Data  Keys Identified with Policies Attributes To: Bob Subj: CyberTA Priority: Urgent

11 11 ABE Features  Encryption labels data w/ attributes Simple Application Aware  Authority gives policy keys Expressive Late-Binding

12 12 ABE on NetFlow Logs  Each category is simply an attribute  Make keys for exfiltration, etc.  (SRC_IP=Top Secret) OR (bytes >100KB AND DestIP = Foreign) SRC IP SPORT DST IP DPORT PACKETS BYTES SECS --------------------------------------------------------------------------------- 131.252.120.0 33587 130.14.24.0 80 2 1002 1 130.39.136.0 4038 137.104.72.0 49662 479 127993 54 157.182.144.0 1138 65.54.128.0 80 3 88 1

13 13 An Alert Detection System Data Generation Alert Analysis Authority ABE enc. data ABE Keys

14 14 Progress  Developed ABE Crypto System  Delegation  Efficiency Improvements

15 15 Challenges Ahead  Build a “Blinded IDS”  Make an Intermediate Language E.g. How to Express numbers as attributes  Combine App. Domain Knowledge and Crypto

16 16 THE END

Download ppt "1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai."

Similar presentations

Architectural issues for network-layer identifiers Stefan Savage Dept of Computer Science & Engineering UC San Diego.

Architectural issues for network-layer identifiers Stefan Savage Dept of Computer Science & Engineering UC San Diego.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Towards Software Defined Cellular Networks

Towards Software Defined Cellular Networks
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Attribute-based Encryption

Attribute-based Encryption
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.

Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA 2011. 04. 11 Presented.

OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA Presented.
Access Control Methodologies

Access Control Methodologies
1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.

1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.
Snort Roy INSA Lab.. Outline What is “ Snort ” ? Working modes How to write snort rules ? Snort plug-ins It ’ s show time.

Snort Roy INSA Lab.. Outline What is “ Snort ” ? Working modes How to write snort rules ? Snort plug-ins It ’ s show time.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Cryptography for Backup Navigation

Cryptography for Backup Navigation
Identity Based Encryption

Identity Based Encryption
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Your Presenter Amer Sharaf Electronic Payments: Where do we go from here? ByMarkus Jakobsson David Mraihi Yiannis Tsiounis Moti Yung.

Your Presenter Amer Sharaf Electronic Payments: Where do we go from here? ByMarkus Jakobsson David Mraihi Yiannis Tsiounis Moti Yung.
Implementing a Distributed Firewall

Implementing a Distributed Firewall

Similar presentations

Ads by Google