You are here

SEPIA: privacy-preserving aggregation of multi-domain network events and statistics

TitleSEPIA: privacy-preserving aggregation of multi-domain network events and statistics
Publication TypeConference Paper
Year of Publication2010
AuthorsBurkhart, M, Strasser, M, Many, D, Dimitropoulos, X
Conference NameProceedings of the 19th USENIX conference on Security
Date Published08/2010
PublisherUSENIX Association
Conference LocationWashington, DC, USA
ISBN Number888-7-6666-5555-4
Keywordsprivacy, secure multi-party computation, SMC
Abstract

Secure multiparty computation (MPC) allows joint privacy-preserving computations on data of multiple parties. Although MPC has been studied substantially, building solutions that are practical in terms of computation and communication cost is still a major challenge. In this paper, we investigate the practical usefulness of MPC for multi-domain network security and monitoring. We first optimize MPC comparison operations for processing high volume data in near real-time. We then design privacy-preserving protocols for event correlation and aggregation of network traffic statistics, such as addition of volume metrics, computation of feature entropy, and distinct item count. Optimizing performance of parallel invocations, we implement our protocols along with a complete set of basic operations in a library called SEPIA. We evaluate the running time and bandwidth requirements of our protocols in realistic settings on a local cluster as well as on PlanetLab and show that they work in near real-time for up to 140 input providers and 9 computation nodes. Compared to implementations using existing general-purpose MPC frameworks, our protocols are significantly faster, requiring, for example, 3 minutes for a task that takes 2 days with general-purpose frameworks. This improvement paves the way for new applications of MPC in the area of networking. Finally, we run SEPIA's protocols on real traffic traces of 17 networks and show how they provide new possibilities for distributed troubleshooting and early anomaly detection.

URLhttp://dl.acm.org/citation.cfm?id=1929820.1929840
AttachmentSize
PDF icon USENIX Security'10 - SEPIA.pdf500.98 KB