SEPIA: Security through Private Information Aggregation

Abstract

Organizations are reluctant to share network measurements due to privacy and security concerns. This impedes method validation, global network monitoring, and cooperation in network defense. State-of-the-art approaches for measurement sharing either require non-disclosure agreements or use anonymization techniques to protect privacy. Anonymization involves, however, an inherent tradeoff between disclosure risk and data utility. Moreover, recent attacks on anonymization show that these techniques are not as secure as expected, even when only passive adversaries are considered. To overcome these restrictions, we use multi-party computation (MPC) techniques for sharing network traffic data. In particular, we present MPC protocols tailored for common traffic analysis tasks. Our protocols enable the secure computation of distinct value counts of traffic features as well as of the entropy of traffic feature distributions, where the underlying traffic data are distributed among multiple organizations and remain private during the computation. The second main contribution of this work is SEPIA, a library of ready-to-use, efficient implementations of MPC protocols for network traffic sharing applications. SEPIA facilitates the development of privacy-friendly joint traffic analysis applications involving multiple organizations. It uses efficient implementations of state-of-the-art cryptographic functions, thus enabling the near real-time analysis of network traffic data. We evaluate SEPIA using a number of realistic experiments based on actual backbone traffic traces and demonstrate its efficiency and applicability to near real-time traffic monitoring.
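The abstract describes computing distinct value counts and entropy over traffic data that stays distributed among organizations. The following is an added illustration of the underlying idea, not code from the SEPIA paper or library: three organizations (constructed sample data: destination-port histograms) split each bin count into additive shares modulo a prime and hand one share to each of an assumed set of computation peers, the peers add shares locally, and only the aggregate is reconstructed. The peer count, the prime, the feature domain, and all function names are assumptions for this example.

```python
"""Toy additive-secret-sharing aggregation of per-organization histograms.

Added example, not SEPIA code. Each organization splits every bin count of
its private histogram into NUM_PEERS additive shares modulo PRIME and sends
one share to each peer. A single peer only ever sees uniformly random field
elements; adding the shares it holds across organizations yields a share of
the aggregate, and only the aggregate is reconstructed. Distinct-value count
and entropy are then derived from the aggregate histogram.
"""
import math
import secrets

PRIME = (1 << 61) - 1          # assumed field modulus; counts stay far below it
NUM_PEERS = 3                  # assumed number of computation peers

# Agreed feature domain: every organization submits a share for every bin,
# including zero bins, so the set of bins an organization holds is not leaked.
DOMAIN = (22, 53, 80, 443)

# Constructed sample input: per-organization destination-port histograms.
ORG_HISTOGRAMS = {
    "org_a": {22: 1, 80: 3},
    "org_b": {80: 1, 443: 2},
    "org_c": {22: 1},
}


def share(value, num_peers=NUM_PEERS, prime=PRIME):
    """Split value into num_peers additive shares that sum to value mod prime."""
    shares = [secrets.randbelow(prime) for _ in range(num_peers - 1)]
    shares.append((value - sum(shares)) % prime)
    return shares


def reconstruct(shares, prime=PRIME):
    """Recover a shared value by summing all of its shares mod prime."""
    return sum(shares) % prime


def org_submit(histogram, domain=DOMAIN, num_peers=NUM_PEERS):
    """Return, per peer, the message (bin -> share) an organization sends."""
    per_peer = [dict() for _ in range(num_peers)]
    for bin_ in domain:
        for peer_idx, s in enumerate(share(histogram.get(bin_, 0), num_peers)):
            per_peer[peer_idx][bin_] = s
    return per_peer


def peer_aggregate(received, domain=DOMAIN, prime=PRIME):
    """A peer adds, per bin, the shares received from every organization.

    Addition of shares is local work on random-looking values; no peer
    learns any organization's count from what it holds."""
    return {bin_: sum(msg[bin_] for msg in received) % prime for bin_ in domain}


def run_aggregation(histograms=ORG_HISTOGRAMS, domain=DOMAIN, num_peers=NUM_PEERS):
    """Full exchange: organizations -> peers -> reconstructed aggregate."""
    inbox = [[] for _ in range(num_peers)]           # inbox[i] = messages to peer i
    for hist in histograms.values():
        for peer_idx, msg in enumerate(org_submit(hist, domain, num_peers)):
            inbox[peer_idx].append(msg)
    peer_results = [peer_aggregate(inbox[i], domain) for i in range(num_peers)]
    return {bin_: reconstruct([r[bin_] for r in peer_results]) for bin_ in domain}


def distinct_count(aggregate):
    """Number of feature values seen by at least one organization."""
    return sum(1 for c in aggregate.values() if c)


def entropy_bits(aggregate):
    """Shannon entropy (bits) of the aggregate feature distribution."""
    total = sum(aggregate.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in aggregate.values() if c)


if __name__ == "__main__":
    agg = run_aggregation()
    print("aggregate histogram:", agg)
    print("distinct values:", distinct_count(agg))
    print("entropy (bits):", entropy_bits(agg))
```

Two caveats a practitioner should keep in mind. First, this toy opens the whole aggregate histogram and computes the statistics in the clear afterwards, which reveals more than the final distinct count or entropy value; a protocol built for those tasks keeps the intermediate counts shared and opens only the result. Second, additive sharing over a prime field tolerates no peer failures and is only private against coalitions smaller than the full set of peers; a threshold scheme is the usual remedy, at the cost of more interaction.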
