Private Packet Filtering (PPF) is a new capability that preserves the confidentiality of sensitive attack indicators, and retrieves network packets that match those indicators without revealing specific indicators or the matching packets. The capability is achieved through the introduction of a high-level language, a conjunction operator that expands the breadth of the language, a simulation of the document detection and recovery rates of the output buffer, and through a description of applicable system facets. Fundamentally, PPF adapts the private stream search system defined by Ostrovsky and Skeith which uses the (partial) homomorphic property of the Paillier cryptosystem.
PPF is intended for use in a collaborative environment involving a cyber defender and a partner: The defender has access to a set of sensitive indicators, and is willing to share some of those indicators with the partner. The partner has access to network data, and is willing to share that data. Neither is willing to provide full access. Using the language, the defender creates an encrypted form of the sensitive indicators, and passes the encrypted indicators to the partner. The partner then uses the encrypted indicators to filter packets, and returns an encrypted packet capture file. The partner does not decrypt the indicators and cannot identify which packets matched. The defender decrypts, reassembles the matching packets, gains situational awareness, and notifies the partner of any packets that matched an attack indicator. In this sense, the defender reveals only the matched indicator and retains control of all other indicators. PPF allows both parties to gain situational awareness of malicious activity, and to retain control without exposing every indicator or all network data.
Ostrovsky and Skeith introduced the notion of private stream searching in 2005. Their private search system is clever, uses a list of encrypted ones and zeroes to select matching documents, and an output buffer to accumulate non-matching documents as a summation of plaintext zeroes. This buffer optimizes the communication cost of the search and assures that non-matching documents are not transmitted back to client performing the performing search.
Using our PPF language, a cyber defender gains access to the underlying private stream search system without significant knowledge of the system or the complexity of its cryptographic methods. The language thus provides a standard representation of a private query for packet filtering that resolves data organization issues and encourages the development of inter-operable implementations. A high level language for private stream searching has not been previously presented.
|Advisor:||Phatak, Dhananjay S.|
|Commitee:||Collins, Michael, Dykstra, Josiah, Fink, Russ A., Pinkston, John|
|School:||University of Maryland, Baltimore County|
|School Location:||United States -- Maryland|
|Source:||DAI-B 75/05(E), Dissertation Abstracts International|
|Keywords:||Cyber defense, Oblivious transfer, Packet filtering, Private packet filtering, Private search, Private stream searching|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be