Sharing Computer Network Logs for Security and Privacy: A Motivation for New Methodologies of Anonymization
Logs are one of the most fundamental resources to any security professional.
It is widely recognized by the government and industry that it is both
beneficial and desirable to share logs for the purpose of security research.
However, the sharing is not happening or not to the degree or magnitude that is
desired. Organizations are reluctant to share logs because of the risk of
exposing sensitive information to potential attackers. We believe this
reluctance remains high because current anonymization techniques are weak and
one-size-fits-all--or better put, one size tries to fit all. We must develop
standards and make anonymization available at varying levels, striking a
balance between privacy and utility. Organizations have different needs and
trust other organizations to different degrees. They must be able to map
multiple anonymization levels with defined risks to the trust levels they share
with (would-be) receivers. It is not until there are industry standards for
multiple levels of anonymization that we will be able to move forward and
achieve the goal of widespread sharing of logs for security researchers.
Comment: 17 pages, 1 figur
Reference models for network trace anonymization
Network security research can benefit greatly from testing environments that are capable of generating realistic, repeatable and configurable background traffic. In order to conduct network security experiments on systems such as Intrusion Detection Systems and Intrusion Prevention Systems, researchers require isolated testbeds capable of recreating actual network environments, complete with infrastructure and traffic details. Unfortunately, due to privacy and flexibility concerns, actual network traffic is rarely shared by organizations, as sensitive information, such as IP addresses, device identity and behavioral information, can be inferred from the traffic. Trace data anonymization is one solution to this problem. The research community has responded to this sanitization problem with anonymization tools that aim to remove sensitive information from network traces, and with attacks on anonymized traces that aim to evaluate the efficacy of the anonymization schemes. However, there is a continued lack of a comprehensive model that distills all elements of the sanitization problem into a functional reference model.
In this thesis we offer such a comprehensive functional reference model that identifies and binds together all the entities required to formulate the problem of network data anonymization. We build a new information flow model that illustrates the overly optimistic nature of inference attacks on anonymized traces. We also provide a probabilistic interpretation of the information model and develop a privacy metric for anonymized traces. Finally, we develop the architecture for a highly configurable, multi-layer network trace collection and sanitization tool. In addition to addressing privacy and flexibility concerns, our architecture allows for uniformity of anonymization and ease of data aggregation.
Security Considerations for Peer-to-Peer Distributed Hash Tables
Recent peer-to-peer research has focused on providing efficient hash lookup systems that can be used to build more complex systems. These systems have good properties when their algorithms are executed correctly, but have not generally considered how to handle misbehaving nodes. This paper looks at what sorts of security problems are inherent in large peer-to-peer systems based on distributed hash lookup systems. We examine the types of problems that such systems might face, drawing examples from existing systems, and propose some design principles for detecting and preventing these problems.
Distributed Hash Tables in P2P Network: Detection and Prevention of Threats and Vulnerability
Currently, peer-to-peer research focuses on efficient hash lookup systems which can be used to build more complex distributed systems. These systems work well when their algorithms are executed correctly, but they generally do not consider how to handle misbehaving nodes. In our paper we consider different sorts of security problems which are inherent in peer-to-peer systems based on distributed hash lookup systems. We examine the different types of problems that such systems might face, taking examples from existing systems. We then propose some design principles for detecting as well as preventing those problems.
Keywords: Distributed hash lookup systems, verifiable system invariants, verifiable key assignment, server selection in routing
k-Anonymity on Graphs using the Szemerédi Regularity Lemma
Graph anonymisation aims at reducing the ability of an attacker to identify the nodes of a graph by obfuscating its structural information. In k-anonymity, this means making each node indistinguishable from at least k-1 other nodes. Simply stripping the nodes of a graph of their identifying labels is insufficient, as with enough structural knowledge an attacker can still recover the nodes' identities. We propose an algorithm to enforce k-anonymity based on the Szemerédi regularity lemma. Given a graph, we start by computing a regular partition of its nodes. The Szemerédi regularity lemma ensures that such a partition exists and that the edges between the sets of nodes behave quasi-randomly. With this partition to hand, we anonymise the graph by randomising the edges within each set, obtaining a graph that is structurally similar to the original one, yet in which the nodes within each set are structurally indistinguishable. Unlike other k-anonymisation methods, our approach does not consider a single type of attack; instead, it aims to prevent any structure-based de-anonymisation attempt. We test our framework on a wide range of real-world networks and compare it against another simple yet widely used k-anonymisation technique, demonstrating the effectiveness of our approach.
Blinder: End-to-end Privacy Protection in Sensing Systems via Personalized Federated Learning
This paper proposes a sensor data anonymization model that is trained on
decentralized data and strikes a desirable trade-off between data utility and
privacy, even in heterogeneous settings where the sensor data have different
underlying distributions. Our anonymization model, dubbed Blinder, is based on
a variational autoencoder and one or multiple discriminator networks trained in
an adversarial fashion. We use the model-agnostic meta-learning framework to
adapt the anonymization model trained via federated learning to each user's
data distribution. We evaluate Blinder under different settings and show that
it provides end-to-end privacy protection on two IMU datasets at the cost of
increasing privacy loss by up to 4.00% and decreasing data utility by up to
4.24%, compared to the state-of-the-art anonymization model trained on
centralized data. We also showcase Blinder's ability to anonymize the radio
frequency sensing modality. Our experiments confirm that Blinder can obscure
multiple private attributes at once, and has sufficiently low power consumption
and computational overhead for it to be deployed on edge devices and
smartphones to perform real-time anonymization of sensor data.