This document outlines the role of applied cryptography in Cyber Threat Analysis (CyberTA), in work with Dan Boneh and Amit Sahai. It presents new capabilities for meeting data and traffic privacy needs using cryptographic tools. The proposed alert detection system records TCP flows (NetFlow logs), searches them for patterns such as exfiltration, and ignores entries that raise no alert. By building on Identity-Based Encryption (IBE) and Attribute-Based Encryption (ABE), the framework lets an authority issue policy keys that reveal only the records matching an analyst's search rule, combining flexibility, efficiency, and minimal disclosure in detecting cyber threats.
Applied Cryptography in CyberTA
Brent Waters
Work with Dan Boneh and Amit Sahai
Role of Applied Crypto
• Introduce new capabilities
• Address needs of Data + Traffic Privacy
(Diagram labels: Crypto Tools, Data Privacy Crypto, CyberTA problems)
An Alert Detection System
(Diagram labels: Alert Analysis, Data Generation)
• Record TCP Flows
• Search for exfiltration, …
• Ignore non-alert entries

NetFlow Logs
SRC IP          SPORT  DST IP         DPORT  PACKETS  BYTES   SECS
---------------------------------------------------------------------------------
131.252.120.0   33587  130.14.24.0    80     2        1002    1
130.39.136.0    4038   137.104.72.0   49662  479      127993  54
157.182.144.0   1138   65.54.128.0    80     3        88      1

(Slide callouts on the log: Classified system, Chinese IP, Large Data, i.e. the 127993-byte flow)
System Goals
• Analyze Abnormal Events
• Minimal Disclosure
• Simple Data Generation
• Flexible Searching Rules
Available Options
• Completely Trust Data Collector
  • Violates Minimal Disclosure
• Push Policy to Data Generators
  • Simplicity
  • Flexibility, Policy Changes
• Conclusion => Need new Mechanism
Identity-Based Encryption (IBE)
IBE [BF’01]: Public key encryption scheme where public key is an arbitrary string (ID).
• Examples: user’s e-mail address, current-date, …
(Diagram labels: “I am bob@stanford.edu”; email encrypted using public key “bob@stanford.edu”; Private key; CA/PKG holding the master-key)
Limitations of IBE
• Lack of Expressivity
  • Just a string
• Require Encrypting with Structure
  • Reflects Application
  • Build Policy
Attribute-Based Encryption (ABE)
• Attributes Describe Data
• Keys Identified with Policies
(Diagram labels: email encrypted using public key attributes “To: Bob, Subj: CyberTA, Priority: Urgent”; Private key for policy “Priority = Urgent AND Subj = CyberTA”; CA/PKG holding the master-key)
ABE Features
• Encryption labels data w/ attributes
  • Simple
  • Application Aware
• Authority gives policy keys
  • Expressive
  • Late-Binding
ABE on NetFlow Logs
• Each category is simply an attribute
• Make keys for exfiltration, etc.: (SRC_IP=Top Secret) OR (bytes >100KB AND DestIP = Foreign)
(NetFlow log table as above)
An Alert Detection System (with ABE)
(Diagram labels: Authority, ABE Keys, Alert Analysis, ABE enc. data, Data Generation)
Progress
• Developed ABE Crypto System
• Delegation
• Efficiency Improvements
Challenges Ahead
• Build a “Blinded IDS”
• Make an Intermediate Language
  • E.g. How to Express numbers as attributes
• Combine App. Domain Knowledge and Crypto
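The following is an added worked example, not code from the slides or from the authors' ABE system. It models the policy layer the "ABE on NetFlow Logs" slide describes and the "numbers as attributes" question from the challenges slide: each NetFlow row is labelled with string attributes, byte counts are encoded bit by bit so that "bytes >100KB" becomes an OR of AND-clauses, and a policy tree is checked against a row's attributes. The classification and foreign-IP tables are constructed for the example; no encryption is performed, the code only shows which rows a key for the slide's exfiltration policy would be able to open.

```python
# Added example (not from the slides): a model of the ABE policy layer over NetFlow
# rows. Fields become string attributes; numeric fields become bit-prefix attributes,
# so "bytes > 100KB" is an OR of AND-clauses. Nothing is encrypted: satisfies() only
# models whether a key issued for a policy could open a record with those attributes.
NBITS = 20  # assumption: byte counts encoded in 20 bits (values below 1 MiB)
# Constructed classification data standing in for site knowledge.
CLASSIFICATION = {"157.182.144.0": "Top Secret"}
FOREIGN = {"137.104.72.0"}
# The three flows from the slide's log: (SRC IP, SPORT, DST IP, DPORT, PACKETS, BYTES, SECS)
NETFLOW = [
    ("131.252.120.0", 33587, "130.14.24.0", 80, 2, 1002, 1),
    ("130.39.136.0", 4038, "137.104.72.0", 49662, 479, 127993, 54),
    ("157.182.144.0", 1138, "65.54.128.0", 80, 3, 88, 1),
]

def num_attrs(name, value, nbits=NBITS):
    """One attribute per bit of value (which must fit nbits), e.g. 'BYTES:b3=1'."""
    return {f"{name}:b{i}={(value >> i) & 1}" for i in range(nbits)}

def gt_policy(name, threshold, nbits=NBITS):
    """value > threshold: at some bit i where threshold is 0, value is 1 and agrees above."""
    clauses = []
    for i in range(nbits - 1, -1, -1):
        if not (threshold >> i) & 1:
            higher = [f"{name}:b{j}={(threshold >> j) & 1}"
                      for j in range(nbits - 1, i, -1)]
            clauses.append(("AND", higher + [f"{name}:b{i}=1"]))
    return ("OR", clauses)

def satisfies(policy, attrs):
    """Evaluate a policy tree (leaf string or (gate, children)) against attrs."""
    if isinstance(policy, str):
        return policy in attrs
    gate, children = policy
    results = [satisfies(c, attrs) for c in children]
    return all(results) if gate == "AND" else any(results)

def flow_attrs(flow):
    """Label one record with attributes, as the data generator would."""
    src, _sport, dst, _dport, _pkts, nbytes, _secs = flow
    attrs = {f"SRC_IP={CLASSIFICATION.get(src, 'Unclassified')}",
             f"DestIP={'Foreign' if dst in FOREIGN else 'Domestic'}"}
    return attrs | num_attrs("BYTES", nbytes)

# The slide's rule: (SRC_IP=Top Secret) OR (bytes >100KB AND DestIP = Foreign)
EXFIL_POLICY = ("OR", ["SRC_IP=Top Secret",
                       ("AND", ["DestIP=Foreign", gt_policy("BYTES", 100 * 1024)])])

def matching_flows(policy, flows=NETFLOW):
    """Indices of the flows an analyst key for policy could decrypt."""
    return [i for i, f in enumerate(flows) if satisfies(policy, flow_attrs(f))]
```

With the constructed tables, the second flow matches through the foreign-destination and size clause and the third through the Top Secret source, while the first opens for nobody holding only this key.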