SEPIA: Security through Private Information Aggregation

Computing Research Repository (2009)

Organizations are reluctant to share network measurements due to privacy and security concerns. This impedes method validation, global network monitoring, and cooperation in network defense. State-of-the-art approaches for measurement sharing either require non-disclosure agreements or use anonymization techniques to protect privacy. Anonymization involves, however, an inherent tradeoff between disclosure risk and data utility. Moreover, recent attacks on anonymization show that these techniques are not as secure as expected, even when only passive adversaries are considered. To overcome these restrictions, we use multi-party computation techniques (MPC) for sharing network traffic data. In particular, we present MPC protocols tailored for common traffic analysis tasks. Our protocols enable the secure computation of distinct value counts of traffic features as well as of the entropy of traffic feature distributions, where the underlying traffic data are distributed among multiple organizations and remain private during the computation. The second main contribution of this work is SEPIA, a library of ready-to-use efficient implementations of MPC protocols for network traffic sharing applications. SEPIA facilitates the development of privacy-friendly joint traffic analysis applications involving multiple organizations. It uses efficient implementations of state-of-the-art cryptographic functions, thus enabling the near real-time analysis of network traffic data. We evaluate SEPIA using a number of realistic experiments based on actual backbone traffic traces and demonstrate its efficiency and applicability to near real-time traffic monitoring.