Data networks (2nd ed.)
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Communications of the ACM
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
New directions in traffic measurement and accounting
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient implementation of a statistics counter architecture
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
New directions in privacy-preserving anomaly detection for network traffic
Proceedings of the 1st ACM workshop on Network data anonymization
Vanish: increasing data privacy with self-destructing data
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Hi-index | 0.00 |
Requirements for a traffic monitoring system can be very demanding as both privacy and performance aspects have to be taken into account jointly. Moreover, the legislation sets forth strict rules that must also be met. Various cryptographic primitives provide invaluable tools for realising privacy enforcing mechanisms in such a system with respect to the above mentioned goals. In this paper, we consider an arbitrary traffic anomaly detection system consisting of two stages. The first stage pre-processes the monitored traffic with both data rate reduction and privacy protection in mind. The second stage is in charge of the final analysis and storing the relevant information. In particular, the privacy sensitive information is encrypted on per flow basis by the first stage, so that the second stage cannot access any flow without an appropriate key, which is given only when there is a strong reason to do so. In this setting, we study a sliding window type of mechanism for escrowing a secret decryption key from the first stage to the second in response to observing a sufficient number of malicious events within a specified time duration. Given the flow specific key, the second stage can then take a closer look at the corresponding part of the traffic, and decide on further actions. As a result, the privacy of the other users cannot be violated.