Sharing Computer Network Logs for Security and Privacy: A Motivation for New Methodologies of Anonymization

Logs are one of the most fundamental resources to any security professional. It is widely recognized by the government and industry that it is both beneficial and desirable to share logs for the purpose of security research. However, the sharing is not happening or not to the degree or magnitude that is desired. Organizations are reluctant to share logs because of the risk of exposing sensitive information to potential attackers. We believe this reluctance remains high because current anonymization techniques are weak and one-size-fits-all--or better put, one size tries to fit all. We must develop standards and make anonymization available at varying levels, striking a balance between privacy and utility. Organizations have different needs and trust other organizations to different degrees. They must be able to map multiple anonymization levels with defined risks to the trust levels they share with (would-be) receivers. It is not until there are industry standards for multiple levels of anonymization that we will be able to move forward and achieve the goal of widespread sharing of logs for security researchers.Comment: 17 pages, 1 figur

FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs

FLAIM (Framework for Log Anonymization and Information Management) addresses two important needs not well addressed by current log anonymizers. First, it is extremely modular and not tied to the specific log being anonymized. Second, it supports multi-level anonymization, allowing system administrators to make fine-grained trade-offs between information loss and privacy/security concerns. In this paper, we examine anonymization solutions to date and note the above limitations in each. We further describe how FLAIM addresses these problems, and we describe FLAIM's architecture and features in detail.Comment: 16 pages, 4 figures, in submission to USENIX Lis

Implementation of Secure Log Management Over Cloud

A Log records are very important information which is related to activities of systems, applications or networks and these log records having various fields and their syntax. Actually logs are automatically generated on activities that are done and doing by user on system, or on any Applications such as Google Chrome or in networks. These logs are costly and need to any organization for future references such as to identify or finding any problems, to record all events, to find performance, and to investigate malicious activities in systems or networks or in application. So, protection of logs from attackers is required. Hence organization should maintain integrity, confidentiality, and security of logs. The cost to maintain logs for organizations for longer period is very less. Hence, we developed secure log management over cloud to decrease cost as well as provide security of log from attackers. To achieve this, we have done this with the help of Blowfish algorithm to Encrypt log records then SHA-1 is used to provide confidentiality while transmitting and at end point security purpose we used Shamir’s Secret sharing algorithm. DOI: 10.17762/ijritcc2321-8169.150511

Анализ методов корреляции событий безопасности в SIEM-системах. Часть 1.

The paper is devoted to the analysis of security event correlation methods in Security Information and Event Management (SIEM) systems. The correlation process is considered to be a multilevel hierarchy of stages. The goal of each stage consists in executing appropriate operations on security data being processed. Based on this analysis we outline each correlation stage and their interaction scheme.Статья посвящена анализу методов корреляции событий безопасности в системах управления информацией и событиями безопасности (SIEM-системах). Процесс корреляции событий безопасности рассматривается в виде многоуровневой иерархии этапов, цель каждого из которых заключается в выполнении определенных операций над обрабатываемыми данными безопасности. На основе результатов проведенного анализа в работе приводится описание каждого этапа процесса корреляции и схемы их взаимодействия

A Complete System To Securely Outsource Log Records To A Cloud Provider

In View Of The Fact That Log Files Hold Record Of Most System Events Including User Activities They Turn Out To Be An Important Target For Malicious Attackers. An Attacker Breaking Into A System Normally Would Try Not To Leave Traces Of His Or Her Activities Behind. As A Result The First Thing An Attacker Often Does Is To Harm Log Files Or Break Off The Logging Services. In Addition The Sensitive Information Contained In Log Files Often Directly Contributes To Confidentiality Breaches. An Illustration Of This Is When Logs Contain Database Transaction Data. Regularly Log Information Can Be Cooperative To An Attacker In Attainment Unauthorized Access To System. One Example Of This Is The Case When A User Incorrectly Enters Her Password In The Username Field While Logging Into A System. Logging Programs Will Store Up The Password As The User-Id To Evidence The Information That A User Has Failed To Log In. Last But Not Least Information In Log File Can Also Be Used To Cause Privacy Breaches For Users In The System Since The Log File Contains Record Of All Events In The System. It Is Extremely Significant That Logging Be Provided In A Protected Manner And That The Log Records Are Effectively Protected For A Predetermined Amount Of Time Maybe Even Indefinitely. Traditional Logging Protocols That Are Based On Syslog Have Not Been Designed With Such Security Features In Mind.

Sensible Privacy: How We Can Protect Domestic Violence Survivors Without Facilitating Misuse

Privacy is a concept with real life ties and implications. Privacy infringement has the potential to lead to serious consequences for the stakeholders involved, hence researchers and organisations have developed various privacy enhancing techniques and tools. However, there is no solution that fits all, and there are instances where privacy solutions could be misused, for example to hide nefarious activities. Therefore, it is important to provide suitable measures and to make necessary design tradeoffs in order to avoid such misuse. This short paper aims to make a case for the need of careful consideration when designing a privacy solution, such that the design effectively addresses the user requirements while at the same time minimises the risk of inadvertently assisting potential offenders. In other words, this paper strives to promote “sensible privacy” design, which deals with the complex challenges in balancing privacy, usability and accountability. We illustrate this idea through a case study involving the design of privacy solutions for domestic violence survivors. This is the main contribution of the paper. The case study presents specific user requirements and operating conditions, which coupled with the attacker model, provide a complex yet interesting scenario to explore. One example of our solutions is described in detail to demonstrate the feasibility of our approach

Evaluating the design of an audit data pseudonymizer using basic building blocks for anonymity

Using an audit data pseudonymization system as an example, we show how the APES approach for basic anonymity building blocks can be used to informally evaluate the design of a given anonymity system. As a by-product we obtain indications of the usefulness and (in)completeness of the APES building blocks approach

Privacy-preserving alert correlation and report retrieval

Intrusion Detection Systems (IDSs) have been widely deployed on both hosts and networks and serve as a second line of defense. Generally, an IDS flags malicious activates as IDS alerts and forwards them to security officers for further responses. The core issue of IDSs is to minimize both false positives and false negatives. Previous research shows that alert correlation is an effective solution. Moreover, alert correlation (in particular, under the cross-domain setting) can fuse distributed information together and thus be able to detect large-scale attacks that local analysis fails to handle. However, in practice the wide usage of alert correlation is hindered by the privacy concern. In this thesis, we propose the TEIRESIAS protocol, which can ensure the privacy-preserving property during the whole process of sharing and correlating alerts, when incorporated with anonymous communication systems. Furthermore, we also take the fairness issue into consideration when designing the procedure of retrieving the results of correlation. More specifically, a contributor can privately retrieve correlated reports in which she involved. The TEIRESIAS protocol is based mainly on searchable encryption, including both symmetric-key encryption with keyword search (SEKS) and public-key encryption with keyword search (PEKS). While designing TEIRESIAS, we identify a new statistical guessing attack against PEKS. To address this problem, we propose the PEKSrand scheme, which is an extension of PEKS and can mitigate both brute-force guessing attacks and statistical guessing attacks. The PEKSrand scheme can either be used independently or be combined with TEIRESIAS to further improve its privacy protection

Relevance and Privacy Improvements to the YaCy Decentralized Web Search Engine

The YaCy decentralized web search engine carries significant potential advantages in censorship resistance over centralized search engines such as Google. However, YaCy currently suffers from deficiencies in relevance of results as well as weaknesses in privacy. We have developed improvements to YaCy's relevance, including tools to generate a ranking dataset that can be fed to machine learning algorithms, fixes for some significant YaCy flaws that severely damaged ranking, and tools for ensuring that the decentralized index contains relevant results. We have also conducted an initial privacy audit of YaCy's usage of anonymizing proxies and YaCy's application-layer protocol, with recommendations for improving YaCy's privacy in both areas. We believe that this work helps pave the way for YaCy to become a credible competitor to centralized search engines. We expect future work to experiment with various machine learning implementations using our ranking dataset generation toolset, as well as implementing the improvements recommended by our initial privacy audit and conducting more extensive privacy audits once our initial recommendations are implemented

A holistic multi-purpose life logging framework

Die Paradigm des Life-Loggings verspricht durch den Vorschlag eines elektronisches Gedächtnisses dem menschlichem Gedächtnis eine komplementäre Assistenz. Life-Logs sind Werkzeuge oder Systeme, die automatisch Ereignisse des Lebens des Benutzers aufnehmen. Im technischem Sinne sind es Systeme, die den Alltag durchdringen und kontinuierlich konzeptuelle Informationen aus der Umgebung des Benutzers erfassen. Teile eines so gesammelten Datensatzes könnten aufbewahrt und für die nächsten Generationen zugänglich gemacht werden. Einige Teile sind es wert zusätzlich auch noch mit der Gesellschaft geteilt zu werden, z.B. in sozialen Netzwerken. Vom Teilen solcher Informationen profitiert sowohl der Benutzer als auch die Gesellschaft, beispielsweise durch die Verbesserung der sozialen Interaktion des Users, das ermöglichen neuer Gruppenverhaltensstudien usw. Anderseits, im Sinne der individuellen Privatsphäre, sind Life-log Informationen sehr sensibel und entsprechender Datenschutz sollte schon beim Design solcher Systeme in Betracht gezogen werden. Momentan sind Life-Logs hauptsächlich für den spezifischen Gebrauch als Gedächtnisstützen vorgesehen. Sie sind konfiguriert um nur mit einem vordefinierten Sensorset zu arbeiten. Das bedeutet sie sind nicht flexibel genug um neue Sensoren zu akzeptieren. Sensoren sind Kernkomponenten von Life-Logs und mit steigender Sensoranzahl wächst auch die Menge der Daten die für die Erfassung verfügbar sind. Zusätzlich bietet die Anordnung von mehreren Sensordaten bessere qualitative und quantitative Informationen über den Status und die Umgebung (Kontext) des Benutzers. Offenheit für Sensoren wirkt sich also sowohl für den User als auch für die Gemeinschaft positiv aus, indem es Potential für multidisziplinnäre Studien bietet. Zum Beispiel können Benutzer Sensoren konfigurieren um ihren Gesundheitszustand in einem gewissen Zeitraum zu überwachen und das System danach ändern um es wieder als Gedächtnisstütze zu verwenden. In dieser Dissertation stelle ich ein Life-Log Framework vor, das offen für die Erweiterung und Konfiguration von Sensoren ist. Die Offenheit und Erweiterbarkeit des Frameworks wird durch eine Sensorklassiffzierung und ein flexibles Model für die Speicherung der Life-Log Informationen unterstützt. Das Framework ermöglicht es den Benützern ihre Life-logs mit anderen zu teilen und unterstützt die notwendigen Merkmale vom Life Logging. Diese beinhalten Informationssuche (durch Annotation), langfristige digitale Erhaltung, digitales Vergessen, Sicherheit und Datenschutz.The paradigm of life-logging promises a complimentary assistance to the human memory by proposing an electronic memory. Life-logs are tools or systems, which automatically record users' life events in digital format. In a technical sense, they are pervasive tools or systems which continuously sense and capture contextual information from the user's environment. A dataset will be created from the collected information and some records of this dataset are worth preserving in the long-term and enable others, in future generations, to access them. Additionally, some parts are worth sharing with society e.g. through social networks. Sharing this information with society benefits both users and society in many ways, such as augmenting users' social interaction, group behavior studies, etc. However, in terms of individual privacy, life-log information is very sensitive and during the design of such a system privacy and security should be taken into account. Currently life-logs are designed for specific purposes such as memory augmentation, but they are not flexible enough to accept new sensors. This means that they have been configured to work only with a predefined set of sensors. Sensors are the core component of life-logs and increasing the number of sensors causes more data to be available for acquisition. Moreover a composition of multiple sensor data provides better qualitative and quantitative information about users' status and their environment (context). On the other hand, sensor openness benefits both users and communities by providing appropriate capabilities for multidisciplinary studies. For instance, users can configure sensors to monitor their health status for a specific period, after which they can change the system to use it for memory augmentation. In this dissertation I propose a life-log framework which is open to extension and configuration of its sensors. Openness and extendibility, which makes the framework holistic and multi-purpose, is supported by a sensor classification and a flexible model for storing life-log information. The framework enables users to share their life-log information and supports required features for life logging. These features include digital forgetting, facilitating information retrieval (through annotation), long-term digital preservation, security and privacy