Polymorphic Encryption and Pseudonymisation of IP Network Flows
This addresses the need for secure and scalable pseudonymisation in network flow analysis, particularly for handling large volumes of data, but it appears incremental as it builds on existing cryptographic techniques like ElGamal encryption and Schnorr proofs.
The authors tackled the problem of securely storing and retrieving IP network flows by replacing IP addresses with pseudonyms, using a system called PEP3 that employs a transcryptor with five independent peers to manage pseudonyms without learning the addresses, achieving operations that can be performed by any three peers to prevent single points of trust or failure.
We describe a system, PEP3, for storage and retrieval of IP flow information in which the IP addresses are replaced by pseudonyms. Every eligible party gets its own set of pseudonyms. A single entity, the transcryptor, that is composed of five independent peers, is responsible for the generation of, depseudonymisation of, and translation between different sets of pseudonyms. These operations can be performed by any three of the five peers, preventing a single point of trust or failure. Using homomorphic aspects of ElGamal encryption the peers perform their operations on encrypted and --potentially-- pseudonymised IP addresses only, thereby never learning the (pseudonymised) IP addresses handled by the parties. Moreover, using Schnorr type proofs, the behaviour of the peers can be verified, without revealing the (pseudonymised) IP addresses either. Hence the peers are central, but need not be fully trusted. The design of our system, while easily modified to other settings, is tuned to the sheer volume of data presented by IP flow information.