On pseudonymization of audit data for intrusion detection

Authors:
Joachim Biskup;Ulrich Flegel
Affiliations:
-;-
Venue:
International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
Year:
2001

Citing 10
Cited 4

Untraceable electronic cash

CRYPTO '88 Proceedings on Advances in cryptology
The intrusion detection system AID—architecture, and experiences in automated audit analysis

Proceedings of the IFIP TC6/TC11 international conference on Communications and multimedia security II
Pseudonymous audit for privacy enhanced intrusion detection

SEC'97 Proceedings of the IFIP TC11 13 international conference on Information Security (SEC '97) on Information security in research and business
Anonymous authentication with subset queries (extended abstract)

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
Anomaly-based intrusion detection: privacy concerns and other problems

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Transaction-Based Pseudonyms in Audit Data for Privacy Respecting Intrusion Detection

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Identity Escrow

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On Privacy Issues of Internet Access Services via Proxy Servers

Proceedings of the International Exhibition and Congress on Secure Networking - CQRE (Secure) '99

Pseudonymizing Unix Log Files

InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Managing university internet access: balancing the need for security, privacy and digital evidence

Journal in Computer Virology
Non-expanding transaction specific pseudonymization for IP traffic monitoring

CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Anonymization of IP traffic monitoring data: attacks on two prefix-preserving anonymization schemes and some proposed remedies

PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

In multilaterally secure intrusion detection systems (IDS) anonymity and accountability are potentially conflicting requirements. Since IDS rely on audit data to detect violations of security policy, we can balance above requirements by pseudonymization of audit data, as a form of reversible anonymization. We discuss previous work in this area and underlying trust models. Instead of relying on mechanisms external to the system, or under the control of potential adversaries, in our proposal we technically bind reidentification to a threshold, representing the legal purpose of accountability in the presence of policy violations. Also, we contrast our notion of threshold-based identity recovery with previous approaches and point out open problems.