Privacy-Preserving Data Exfiltration Monitoring Using Homomorphic Encryption

Abstract

Monitoring and encryption are essential to secure today's computer networks. Monitoring network traffic data can be especially useful to protect against data exfiltration by detecting signatures in file metadata to identify especially sensitive files that should not be publicly released. Encryption restricts the visibility of signatures, but this may be needed because some signatures used to protect against data exfiltration may themselves be sensitive, as knowledge of signatures could help adversaries circumvent monitoring. We present results on a prototype exfiltration guard to securely and privately monitor flows of encrypted information for encrypted signatures without requiring the decryption of the data flows or the signatures or the sharing of decryption keys. Our approach is based on using homomorphic encryption to enables secure computing on encrypted data. We show experimental results with a prototype proof-of-concept encrypted data guard running on a commodity computing hardware. These designs point to possible future advances driven by ongoing homomorphic encryption improvements to compute on encrypted data for more advanced and secure filtering and exfiltration protection schemes.