Our solution leverages a novel cryptographic protocol that provably protects the privacy of both the participants and the keywords. For example, if web servers collaborate to detect source IP addresses responsible for denial-of-service attacks, our protocol would not reveal the traffic mix of the web servers or the identity of the "good" IP addresses. We implemented a prototype of our design, including an amortized oblivious transfer protocol that substantially improves the efficiency of client-proxy interactions. Our experiments show that the performance of our system scales linearly with computing resources, making it easy to improve performance by adding more cores or machines. For collaborative diagnosis of denial-of-service attacks, our system can handle millions of suspect IP addresses per hour when the proxy and the database each run on two quad-core machines.
Category / Keywords: cryptographic protocols / secure multi-party computation
Date: received 24 Apr 2009
Contact author: mfreed at cs princeton edu
Version: 20090426:203140