Identifying Encrypted Traffic

Scientific background

Sharing data among organizations is essential in detecting attacks on computer networks. When this collaboration is done in the sectoral or international levels, there is no trusted entity, and the data analysis has to be done in a distributed manner. For organizations to agree to share the data, it should be ensured that no confidential data will be leaked. In addition, this data contains in many cases information of individual clients. For legal reasons and to retain clients’ trust, it is important that information on individuals doesn’t leak. To prevent such leakage, we want to provide differential privacy, which, informally, guarantees no information leakage.

 

Research goals

To build firm theoretical foundations and an implemented infrastructure that will serve as the basis for the construction of distributed collaborative intrusion detection and prevention systems.

 

Methodology

The two main tools that we will use are differentially private analyses and secure function evaluation. We will develop the scientific foundation that will enable using these tools to construct a system that provides privacy while making it possible to perform meaningful analyses. Lately, very efficient implementations of secure function evaluation protocols have been constructed using various cryptographic tools. In addition, methods for constructing differentially private analyses have been developed. We will use these protocols and the methods that we will develop to construct a prototype of a distributed infrastructure for detecting and preventing attacks. To construct this system, we will need to design efficient secure protocols for new tasks.

 

Team Members

Prof. Amos Beimel

Dr. Eran Omri

Dr. Amit Dvir

Aner Ben Efraim

Ilan Orlov

Current:

Roi Inbar

Josef Erlich

Ariel Rotem

Kfir Yaakovi

Or Didi