Secure conditional cross-domain data sharing

RAJABI, HANIEH
2013-01-01

Abstract

Defensive techniques against Internet-scale attacks can significantly benefit from sharing network security data among different domains. However, cross-domain collaborative security is affected by a native dichotomy. On one side, sharing of monitoring data across domains may significantly help in detecting large-scale threats and attacks; on the other side, data sharing conflicts with the need to protect network customers' privacy and the confidentiality of business and operational information. In this thesis, we address the challenges of sharing network security data and propose two distinct approaches that enable what we call conditional data sharing, i.e., cross-domain sharing of fine-grained organized subsets of network security data only when a global attack is ongoing in the network and multiple domain contributors are ready to reveal their data for the same incident. In the first, so-called threshold-based approach, we propose a cryptographic construction devised to permit disclosure of cross-domain shared fine-grained organized subsets of network monitoring data only when a threshold number of domains are determined to disclose the data. The proposed approach revolves around a careful combination of distributed threshold-based cryptography with identity-based encryption. Protection is accomplished by "simply" using different cryptographic keys per monitoring feed, and automatically permitting per-feed key reconstruction upon the occurrence of independent and asynchronous per-domain/per-feed alerts. Due to the rigid limitation of the threshold-based approach to data disclosure, we significantly extend the underlying cryptographic approach so as to support disclosure not only for threshold-based policies, but for more general (monotone) access structures. We further show that both solutions appear scalable and easy to deploy, requiring neither a-priori identification of monitoring data feeds nor explicit coordination among domains.
We cast this technique into a realistic scenario of whitelist sharing for DDoS mitigation. Here domains broadcast, for each possible DDoS target, the set of legitimate customers (client IP addresses) whose traffic should not be blocked while a DDoS attack is in progress. However, such a fine-grained whitelist sharing approach appears hardly appealing (to say the least) to operators: not only does the indiscriminate sharing of customers' addresses raise privacy concerns, but it also discloses, to competitor domains, business-critical information on the identity and activity of customers. Appendix A lists my publications related to the three contributions of this PhD thesis.
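As an added illustration (not the thesis's own construction, which combines distributed threshold cryptography with identity-based encryption), the following Python sketch models the threshold-based disclosure rule with Shamir secret sharing: every monitoring feed (here a DDoS target address) has its own key, each domain holds one share of it and releases that share only when it raises an alert for that feed, and the key, hence the shared whitelist, becomes recoverable only once a threshold number of domains have alerted. The feed identifier, domain count and threshold are constructed sample values, and the SHA-256 binding of the recovered secret to the feed identifier merely stands in for the identity-based component.

```python
"""Illustrative threshold-based conditional disclosure of a per-feed key."""
import hashlib
import secrets
from typing import Dict, List, Optional

P = 2**127 - 1  # prime modulus for the Shamir field (a Mersenne prime)

def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of the sharing polynomial over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def make_shares(secret: int, t: int, n: int) -> Dict[int, int]:
    """Split a feed secret into n shares (indexed 1..n); any t reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}

def reconstruct(shares: Dict[int, int]) -> int:
    """Lagrange interpolation at x = 0; yields the secret only with >= t shares."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def feed_key(feed_id: str, secret: int) -> bytes:
    """Bind the recovered secret to the feed identity (stand-in for the IBE part)."""
    return hashlib.sha256(feed_id.encode() + secret.to_bytes(16, "big")).digest()

def conditional_disclose(feed_id: str, released: Dict[int, int], t: int) -> Optional[bytes]:
    """Each entry in `released` is a share a domain revealed when it alerted on this feed.
    The feed key (and so its whitelist) is recoverable only once >= t domains alerted."""
    if len(released) < t:
        return None  # below threshold: the whitelist for this feed stays sealed
    return feed_key(feed_id, reconstruct(dict(list(released.items())[:t])))

if __name__ == "__main__":
    # Constructed sample: 5 domains share the key of one feed, threshold t = 3.
    feed, master = "ddos-target:203.0.113.10", secrets.randbelow(P)
    shares = make_shares(master, t=3, n=5)
    alerts = {1: shares[1], 4: shares[4]}   # two domains have alerted so far
    print("2 alerts ->", conditional_disclose(feed, alerts, 3))
    alerts[2] = shares[2]                   # a third domain alerts: key released
    print("3 alerts ->", conditional_disclose(feed, alerts, 3).hex())
```

Because each feed has an independent secret, domains that alert on one DDoS target reveal nothing about the whitelists of other targets, and no domain learns which others hold shares until the threshold is met.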
2013
2013/2014
Telecommunications and Microelectronics Engineering
26.
Sector ING-INF/05 - Information Processing Systems
English
Doctoral thesis
(2013). Secure conditional cross-domain data sharing.
Files in this item:
File: HaniehRajabi.pdf (authorized users only)
License: not specified
Size: 4.19 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/2108/204177