Passive network monitoring is required for the operation and maintenance of communication networks as well as to detect frauds and attacks. Typically, raw packet-level traffic traces are collected using suitable traffic probe devices and fed to monitoring applications (IDSs, antivirus, etc..) for analysis, with potential risks for the legitimate privacy rights of the customers. This projects aims to show that it is technically possible to devise a privacy-preserving network monitoring system where carefully designed data protection mechanisms can coexist with suitably adapted monitoring applications.
The proposed approach is based on a two-tier system. A first front-end tier of data protection mechanisms will be directly enforced at the traffic probe devices. The front-end cryptographic mechanisms will be controlled by a separate entity (privacy-preserving controller). The collected (and already protected) data will be delivered to a second back-end tier, which is implemented as a privacy-enforcing middleware and provides an additional level of data protection to enable privacy-preserving access and/or sharing of the acquired data to external parties. By interacting with the privacy-preserving controller, the back-end provides the capability of selectively removing data protection in specific cases (namely in the presence of attacks, abuses and in general when reaction is needed) and on the minimal amount of collected data necessary to enable such reactions.The system will exploit standard-based protocols for data exporting, in order to achieve interoperability. It will be designed from the beginning to comply with the privacy regulation set forth at EU and regional levels: the back-end will express privacy regulations into concrete rules in an ontology language. Ultimately, the goal of the project is to set a new de-facto standard for privacy-preserving traffic monitoring and deliver a tool that is guaranteed (and possibly certified) for legal compliance.