STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Private collaborative forecasting and benchmarking
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Secure distributed data-mining and its application to large-scale network measurements
ACM SIGCOMM Computer Communication Review
Privacy-preserving performance measurements
Proceedings of the 2006 SIGCOMM workshop on Mining network data
FLAIM: a multi-level anonymization framework for computer and network logs
LISA '06 Proceedings of the 20th conference on Large Installation System Administration
Protocols for secure computations
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Privacy-Preserving Data Mining: Models and Algorithms
Privacy-Preserving Data Mining: Models and Algorithms
FairplayMP: a system for secure multi-party computation
Proceedings of the 15th ACM conference on Computer and communications security
Sharemind: A Framework for Fast Privacy-Preserving Computations
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Asynchronous Multiparty Computation: Theory and Implementation
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
The role of network trace anonymization under attack
ACM SIGCOMM Computer Communication Review
A distribution-based approach to anomaly detection and application to 3G mobile traffic
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
P4P: practical large-scale privacy-preserving distributed computation robust against malicious users
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
SEPIA: privacy-preserving aggregation of multi-domain network events and statistics
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Privacy-preserving distributed network troubleshooting—bridging the gap between theory and practice
ACM Transactions on Information and System Security (TISSEC)
Hi-index | 0.00 |
Recently, Secure-Multiparty Computation (SMC) has been proposed as an approach to enable inter-domain network monitoring while protecting the data of individual ISPs. The SMC family includes many different techniques and variants, featuring different forms of ''security'', i.e., against different types of attack (er), and with different levels of computation complexity and communication overhead. In the context of collaborative network monitoring, the rate and volume of network data to be (securely) processed is massive, and the number of participating players is large, therefore scalability is a primary requirement. To preserve scalability one must sacrifice other requirement, like verifiability and computational completeness that, however, are not critical in our context. In this paper we consider two possible schemes: the Shamir's Secret Sharing (SSS), based on polynomial interpolation on prime fields, and the Globally-Constrained Randomization (GCR) scheme based on simple blinding. We address various system-level aspects and quantify the achievable performance of both schemes. A prototype version of GCR has been implemented as an extension of SEPIA, an open-source SMC library developed at ETH Zurich that supports SSS natively. We have performed a number of controlled experiments in distributed emulated scenarios for comparing SSS and GCR performance. Our results show that additions via GCR are faster than via SSS, that the relative performance gain increases when scaling up the data volume and/or number of participants, and when network conditions get worse. Furthermore, we analyze the performance degradation due to sudden node failures, and show that it can be satisfactorily controlled by containing the fault probability below a reasonable level.