Anonymity and Privacy in Distributed Early Warning Systems

  • Martin Brunner
  • Hans Hofinger
  • Christopher Roblee
  • Peter Schoo
  • Sascha Todt
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6712)


As the Internet continues to emerge as a critical information infrastructure, IT early warning systems (IT-EWS) have taken on greater importance in protecting both its endpoints and the infrastructure itself. Although it is generally accepted that open sharing of cyber data and warnings between the independent (but mutually vulnerable) endpoints promotes broader situational awareness, such openness introduces new privacy challenges. In this paper, we present a high-level model for security information sharing between autonomous operators on the Internet that enables meaningful collaboration while addressing the enduring privacy and infrastructure needs of those individual collaborators. Our concept for a collaborative and decentralised IT-EWS is based on a novel combination of existing techniques, including peer-to-peer networking and Traceable Anonymous Certificates. We concentrate on the security and confidentiality of the data exchange platform rather than of the data itself, a separate area of research.


Early Warning Systems Secure Information Sharing Privacy Anonymity Critical Information Infrastructure Protection 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Apel, M., Biskup, J., Flegel, U., Meier, M.: Early Warning System on a National Level - Project AMSEL. In: Proceedings of the International Workshop on Internet Early Warning and Network Intelligence, EWNI (2010)Google Scholar
  2. 2.
    Bagheri, E., Ghorbani, A.A.: The State of the Art in Critical Infrastructure Protection: a Framework for Convergence. International Journal of Critical Infrastructures 4(3) (2008)Google Scholar
  3. 3.
    Bennett, K., Grothoff, C.: gap – Practical Anonymous Networking. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 141–160. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Bennett, K., Grothoff, C., Horozov, T., Patrascu, I., Stef, T.: GNUnet - A truly anonymous networking infrastructure. Tech. rep., In: Proc. Privacy Enhancing Technologies Workshop, PET (2002)Google Scholar
  5. 5.
    Brunner, E., Suter, M.: International CIIP Handbook 2008/2009. In: CRN Handbooks, vol. 4, Center for Security Studies, ETH Zurich (2008)Google Scholar
  6. 6.
    Bundesministerium für Inneres: CIP Implementation Plan of the National Plan for Information Infrastructure Protection (2005),
  7. 7.
    Burkhart, M., Strasser, M., Dimitropoulos, X.: SEPIA: Security through Private Information Aggregation. Tech. rep., Computer Engineering and Networks Laboratory, ETH Zurich, Switzerland (2009)Google Scholar
  8. 8.
    Debar, H., Curry, D., Feinstein, B.: The Intrusion Detection Message Exchange Format (IDMEF). RFC 4765 (Experimental) (March 2007)Google Scholar
  9. 9.
    Dingledine, R., Mathewson, N., Syverson, P.: Reputation in P2P Anonymity Systems. In: Workshop on Economics of Peer-to-Peer Systems (2003)Google Scholar
  10. 10.
    Fan, J., Xu, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme. Comput. Netw. 46, 253–272 (2004)CrossRefzbMATHGoogle Scholar
  11. 11.
    ITU-T: Information technology - Open Systems Interconnection - The Directory: Public-key and Attribute Certificate Frameworks X.509 (March 2000)Google Scholar
  12. 12.
    Kossakowski, K., Sander, J., Grobauer, B., Mehlau, J.I.: A German Early Warning Information System - Challenges and Approaches. In: Presentation at 18th Annual FIRST Conference (June 2006) Google Scholar
  13. 13.
    Li, C., Shirani-Mehr, H., Yang, X.: Protecting Individual Information Against Inference Attacks in Data Publishing. In: Kotagiri, R., Radha Krishna, P., Mohania, M., Nantajeewarawat, E. (eds.) DASFAA 2007. LNCS, vol. 4443, pp. 422–433. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Lincoln, P., Porras, P.: Privacy-preserving Sharing and Correlation of Security Alerts. In: USENIX Security Symposium, pp. 239–254 (2004)Google Scholar
  15. 15.
    Locasto, M., Parekh, J., Misra, V., Stolfo, S.: Collaborative Distributed Intrusion Detection. Tech. rep., Columbia University (2004)Google Scholar
  16. 16.
    Marti, S., Garcia-Molina, H.: Taxonomy of Trust: Categorizing P2P Reputation Systems. Computer Networks Management in Peer-to-Peer Systems 50(4), 472–484 (2006)zbMATHGoogle Scholar
  17. 17.
    Messaging Standard for Sharing Security Information (MS3i): JLS/2007/EPCIP/007 - Project Report (June 2009),
  18. 18.
    National & European Information Sharing & Alerting System: NEISAS,
  19. 19.
    Nystrom, M., Kaliski, B.: PKCS #10: Certification Request Syntax Specification Version 1.7. RFC 2936 (November 2000)Google Scholar
  20. 20.
    Park, S., Park, H., Won, Y., Lee, J., Kent, S.: Traceable Anonymous Certificate. RFC 5636 (Experimental) (August 2009)Google Scholar
  21. 21.
    Pinkerton, S.: A Federated Model For Cyber Security. In: Cyberspace Research Workshop, Shreveport, LA (November 2007)Google Scholar
  22. 22.
    Tang, S.: Simple Threshold RSA Signature Scheme Based on Simple Secret Sharing. In: Hao, Y., Liu, J., Wang, Y.-P., Cheung, Y.-m., Yin, H., Jiao, L., Ma, J., Jiao, Y.-C. (eds.) CIS 2005. LNCS (LNAI), vol. 3802, pp. 186–191. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    The TOR project: TOR: Anonymity Online,
  24. 24.
    Yegneswaran, V., Barford, P., Jha, S.: Global Intrusion Detection in the DOMINO Overlay System. In: NDSS (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Martin Brunner
    • 1
  • Hans Hofinger
    • 1
  • Christopher Roblee
    • 1
  • Peter Schoo
    • 1
  • Sascha Todt
    • 1
  1. 1.Fraunhofer Institute for Secure Information Technology SITMunichGermany

Personalised recommendations