Main Objectives

PRISM aims at devising a privacy-preserving network monitoring system with guaranteed enforcement of data protection legislation. This will be accomplished by pursuing privacy-compliant technologies and solutions, including the following objectives:

- Design of a two-tier monitoring architecture with data protection reversion bound to third-party cooperation.
- “Blind” intrusion detection.
- Extension and promotion of standards-based data export protocols.
- Design of monitoring-application-friendly data protection mechanisms.
- High-performance front-end implementation.
- Secure and high-performing back-end implementation.
- Design of a privacy-aware back-end semantic middleware.
- Regulatory compliance.
- Innovative approaches to privacy-respectful monitoring application design.
- Integrated trial in a real operator’s network.
Concept

Privacy is of great concern to users of the Internet, and is a critical part of the user experience. The PRISM project investigates the possibility of preserving customers’ privacy by avoiding disclosure of raw captured data even inside the controller domain itself, while preserving the possibility of running monitoring applications, including the ability to detect and react to attacks and to trace back abuses (thus improving public security). The PRISM technology aims to be fully compliant with data privacy protection regulation on the one side and with security legislation on the other.

Technical Approach

The goal of the PRISM project is to devise network monitoring technologies and architectures which guarantee enforcement of data protection legislation. This will be accomplished through the specification, design, implementation and validation of a two-tiered network monitoring system. The overall work plan of PRISM is structured into 4 work-package groups (WPGs). These WPGs are further subdivided into 10 work-packages. The interdependencies of these work-packages are shown below:

PRISM System Architecture

The PRISM system architecture has 3 functional blocks:
- PRISM Front-end – This component is meant to be a “Black-Box” traffic probe, “cryptographically controlled” by an entity, in the figure referred to as third-party privacy-preserving controller. The PRISM front-end is devised to capture data on the network link(s), protect them according to suitably designed data protection mechanisms whose secrets are provided by the Privacy-Preserving Controller, and deliver them to the back-end system through standard-based data export protocols, IPFIX being the technology of choice.
- Privacy-Preserving Controller – This entity accomplishes the task of providing and maintaining the crypto secrets, which are used by the data protection mechanisms enforced on the front-end.
- PRISM back-end – This part of the system is in charge of collecting, storing and processing the front-end protected data traces. Monitoring applications running on the back-end will operate on encrypted traces. When strictly necessary and/or mandated by regulatory provisions, the back-end will interoperate with the privacy preserving controller to selectively revert the data protection mechanisms set forth at the front-end.
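The three-block split described above, as an added illustration that is not PRISM’s own code: the front-end protects captured flows with secrets it receives from the controller, the back-end runs a “blind” check on the protected records, and only the controller can selectively revert the protection. Keyed HMAC pseudonyms and a one-block HMAC-CTR envelope are assumed here as stand-ins for the project’s (unspecified) data protection mechanisms; the flow records are constructed sample data.

```python
import hmac, hashlib, os
from collections import defaultdict

# Constructed sample flow records (src IP, dst IP, dst port); not real traffic.
RAW_FLOWS = [("10.0.0.5", "192.168.1.10", 22), ("10.0.0.5", "192.168.1.11", 22),
             ("10.0.0.5", "192.168.1.12", 22), ("10.0.0.7", "192.168.1.10", 443),
             ("10.0.0.9", "192.168.1.10", 443), ("10.0.0.5", "192.168.1.13", 22)]


def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def frontend_protect(key: bytes, flows):
    """Front-end: emits records the back-end can correlate but not read.
    Each IP becomes a keyed pseudonym (deterministic, so equal addresses stay
    linkable) plus a per-record envelope that only the key holder can open.
    Stand-in construction: a real deployment would use a standard AEAD."""
    out = []
    for src, dst, port in flows:
        rec = {"port": port}
        for field, addr in (("src", src), ("dst", dst)):
            nonce = os.urandom(16)                       # fresh per field
            pad = _prf(key, b"envelope" + nonce)          # one-time keystream
            rec[field] = _prf(key, b"pseudonym" + addr.encode()).hex()[:16]
            rec[field + "_env"] = (nonce, bytes(a ^ b for a, b in zip(addr.encode(), pad)))
        out.append(rec)
    return out


def backend_ssh_fanout(records, threshold=3):
    """Back-end 'blind' check: pseudonymous sources reaching >= threshold
    distinct destinations on port 22, without ever seeing an IP address."""
    dsts = defaultdict(set)
    for r in records:
        if r["port"] == 22:
            dsts[r["src"]].add(r["dst"])
    return {src for src, d in dsts.items() if len(d) >= threshold}


def controller_revert(key: bytes, env, authorised: bool) -> str:
    """Controller: opens an envelope only for an authorised request; the
    back-end cannot do this itself because it never holds the key."""
    if not authorised:
        raise PermissionError("reversion requires authorisation")
    nonce, ct = env
    pad = _prf(key, b"envelope" + nonce)
    return bytes(a ^ b for a, b in zip(ct, pad)).decode()


if __name__ == "__main__":
    key = os.urandom(32)                        # secret lives with the controller
    records = frontend_protect(key, RAW_FLOWS)
    for r in records:
        if r["src"] in backend_ssh_fanout(records):
            print(controller_revert(key, r["src_env"], authorised=True))  # 10.0.0.5
            break
```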
Finally, collected data traces and/or derived statistics will be further sanitised through robust anonymisation mechanisms. These will allow disclosure of data traces and/or related derived information to the public community, to meta-repositories, and to externally operated monitoring applications.

Expected Impact and Exploitation Directions

Privacy is of great concern to most users of the Internet, and is a critical part of a satisfactory user experience. A modular design of both the PRISM front-end and back-end is foreseen to allow individual exploitation of PRISM sub-components, specifically:

- the PRISM front-end as a stand-alone high-performance and flexible traffic-probing device;
- the PRISM back-end as a stand-alone regulatory-compliant role-based access control technology to improve the operator’s control and management of the access and processing of gathered data.
The PRISM design carefully follows the guidelines set forth by recent regulatory trends in terms of clear functional separation between the entities accessing the gathered data and the entities controlling and managing access permissions.