SEPIA is a Java library for generic secure multiparty computation (MPC). SEPIA's basic primitives are optimized for processing high-volume input data. It uses Shamir's secret sharing scheme and is secure in the honest-but-curious adversary model.

Collaborative Network Monitoring

SEPIA use case

A possible deployment scenario for SEPIA is shown above. On the left, a number of independent network domains monitor their networks, e.g., using NetFlow data export on a router or IDS alert logs. Let's assume the network operators want to aggregate their data with the other networks. For example, they might be interested in whether other networks see similar intrusion alerts or not. Due to privacy concerns, they would never just hand over their alerts to another operator.

Secret Sharing. In order to aggregate their alerts in a privacy-preserving way, the operators could install SEPIA input peers on their premises. These input peers take sensitive local data and share it over the group of SEPIA privacy peers. The privacy peers together simulate a trusted third party (TTP). Each privacy peer only gets a random share of each data item. From this share, it cannot derive any information about the original data. Only if a majority of privacy peers come together and combine their shares can they reconstruct the information.

Privacy-Preserving Computation. Once input data is shared, the privacy peers can perform arbitrary computations on the data without reconstructing intermediate values. SEPIA comes with a complete set of basic private operations, such as addition, multiplication, equality testing, and less-than comparison. When the computation has finished, the privacy peers reconstruct only the final result (for instance all similar intrusion alerts reported by three or more networks) and distribute it to the input peers.
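The sharing and aggregation steps described in the two paragraphs above can be sketched as follows. This is an added example in Python, not SEPIA code and not its API; the field prime, the peer count and all function names are assumptions. It covers only addition, which each privacy peer computes locally on its shares; multiplication, equality and less-than need interactive protocols that are not shown.

```python
import secrets

# Assumptions (not taken from SEPIA): field prime, peer count, function names.
P = 2**61 - 1          # Mersenne prime; all arithmetic is in GF(P)
M = 5                  # number of privacy peers, evaluated at x = 1..M
T = M // 2 + 1         # shares needed to reconstruct (a majority)

def share(secret):
    """Input peer: split `secret` into M shares of a random degree T-1 polynomial."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(T - 1)]
    shares = {}
    for x in range(1, M + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares[x] = y
    return shares

def add_shares(held):
    """Privacy peer: add the shares it holds (one per input peer), no communication."""
    return sum(held) % P

def reconstruct(points):
    """Lagrange interpolation at x = 0 over GF(P) from {x: y}, at least T points."""
    if len(points) < T:
        raise ValueError("need shares from a majority of privacy peers")
    total = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def aggregate(local_counts, responders):
    """Share each network's count, sum per privacy peer, reconstruct only the total."""
    dealt = [share(c) for c in local_counts]
    per_peer = {x: add_shares([d[x] for d in dealt]) for x in range(1, M + 1)}
    return reconstruct({x: per_peer[x] for x in responders})

# Constructed sample input: alert counts seen by four networks for one signature.
SAMPLE_COUNTS = [12, 0, 7, 30]

if __name__ == "__main__":
    print(aggregate(SAMPLE_COUNTS, responders=[1, 3, 5]))   # any majority works
```

Only the summed shares are ever interpolated, so no privacy peer and no reconstructing majority handles an individual network's count in the clear.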

Ready-to-use Protocols. Using the SEPIA library, we have implemented a number of protocols (see download). The correlation of IDS alerts described in the above example could, e.g., be done using the event correlation or the distributed top-k protocol.