Abstract: One embodiment of the present invention provides a system for stable selection of collaborating partners for exchanging security data. During operation, the system receives vectors of collaboration values from a plurality of entities. A collaboration value is a measure of an expected benefit of collaborating with a respective entity. The system sorts each of the vectors by the collaboration values of the respective vector. The system then determines matching entities given a number of partners wanted by each organization in N. The system may add matching entities to lists of collaborating partners given the number of partners wanted by each organization in N. Subsequently, the system sends the lists of collaborating partners to facilitate exchanging security data with partners in the list of collaborating partners.

Abstract: A portable proxy for security management and privacy protection and methods of use are provided. The proxy establishes a connection to a user device. The proxy also establishes a secure connection to a virtual private network (VPN), performs authentication of the proxy to the VPN, and upon successful completion of the proxy authentication provides access to the VPN through the secure connection user credentials. Once the VPN accepts the credentials, the proxy routes at least a portion of Internet traffic between the user device and the VPN through the secure connection and the connection to the user device. The proxy can also establish a secure connection to an anonymizing service and route all Internet traffic of the user device through the anonymizing service using the secure connection and the connection to the user device.

Abstract: One embodiment of the present invention provides a system to facilitate collaboration for mitigating network threats. During operation, the system receives encrypted data sets from a plurality of entities. The data sets including data describing threats to network security. The system performs privacy-preserving operations on the encrypted data sets, such as private set intersection. The system then computes one or more metrics based on results of the private set intersection computations. The system may generate a similarity matrix based on the one or more metrics, and returns one or more similarity values from the similarity matrix to one or more entities of the plurality of entities.

Abstract: One embodiment of the present invention provides a system for privacy-preserving sharing of data for secure collaboration. During operation, the system obtains a first set of data describing network events associated with one or more network addresses. Next, the system negotiates with a potential partner to determine a metric for deciding whether to share data. The potential partner is associated with a second set of data describing network events. The system then computes a value for the metric in a privacy-preserving way, based on the first set of data and the second set of data. Subsequently, the system determines whether the metric value exceeds a predetermined threshold, and, responsive to determining that the metric value exceeds the predetermined threshold, the system shares the first set of data with the potential partner, while controlling how the data should be shared to optimize benefits and risks of collaboration.

Abstract: One embodiment of the present invention provides a system for privacy-sensitive ranking of aggregated data. During operation, the system distributes secret keys to a plurality of devices. The system then generates a plurality of probability density functions in a privacy-preserving way using encrypted data received from a subset of the plurality of devices. The encrypted data is data that has been encrypted with one or more of the secret keys by the subset of devices. The system then generates a plurality of probability mass functions, each probability mass function associated with a corresponding probability density function. Subsequently, the system computes a plurality of distance values, each respective distance value being a measure of distance from a probability mass function to a second distribution. The system then ranks the probability mass functions and/or associated attributes according to their respective distance from the second distribution.

Abstract: One embodiment of the present invention provides a system for privacy-preserving aggregation of encrypted data. During operation, the system distributes secret keys to a plurality of devices. The system receives at least a pair of encrypted vectors from each device of a subset of the plurality of devices. One of the encrypted vectors is associated with a set of numerical values and the other encrypted vector is associated with corresponding square values of the set of numerical values. Each pair of encrypted vectors is encrypted using a respective secret key distributed to a device of the plurality of devices. The system then computes, for each pair of encrypted vector elements associated with a numerical value and a square of the numerical value, a mean and variance of a probability density function. The system then generates a plurality of probability density functions based on the computed mean and variance values.

Abstract: One embodiment of the present invention provides a system to facilitate collaboration for mitigating network threats. During operation, the system receives encrypted data sets from a plurality of entities. The data sets including data describing threats to network security. The system performs privacy-preserving operations on the encrypted data sets, such as private set intersection. The system then computes one or more metrics based on results of the private set intersection computations. The system may generate a similarity matrix based on the one or more metrics, and returns one or more similarity values from the similarity matrix to one or more entities of the plurality of entities.

Abstract: One embodiment of the present invention provides a system for stable selection of collaborating partners for exchanging security data. During operation, the system receives vectors of collaboration values from a plurality of entities. A collaboration value is a measure of an expected benefit of collaborating with a respective entity. The system sorts each of the vectors by the collaboration values of the respective vector. The system then determines matching entities given a number of partners wanted by each organization in N. The system may add matching entities to lists of collaborating partners given the number of partners wanted by each organization in N. Subsequently, the system sends the lists of collaborating partners to facilitate exchanging security data with partners in the list of collaborating partners.

Abstract: A portable proxy for security management and privacy protection and methods of use are provided. The proxy establishes a connection to a user device. The proxy also establishes a secure connection to a virtual private network (VPN), performs authentication of the proxy to the VPN, and upon successful completion of the proxy authentication provides access to the VPN through the secure connection user credentials. Once the VPN accepts the credentials, the proxy routes at least a portion of Internet traffic between the user device and the VPN through the secure connection and the connection to the user device. The proxy can also establish a secure connection to an anonymizing service and route all Internet traffic of the user device through the anonymizing service using the secure connection and the connection to the user device.

Abstract: One embodiment of the present invention provides a system for privacy-preserving sharing of data for secure collaboration. During operation, the system obtains a first set of data describing network events associated with one or more network addresses. Next, the system negotiates with a potential partner to determine a metric for deciding whether to share data. The potential partner is associated with a second set of data describing network events. The system then computes a value for the metric in a privacy-preserving way, based on the first set of data and the second set of data. Subsequently, the system determines whether the metric value exceeds a predetermined threshold, and, responsive to determining that the metric value exceeds the predetermined threshold, the system shares the first set of data with the potential partner, while controlling how the data should be shared to optimize benefits and risks of collaboration.

Abstract: A system and method for verifying online dating profiles is provided. A profile is retrieved for a user on an online dating site. A social network page is identified for the user. Information about the user is accessed from the social network page, wherein the information includes one or more fields of metadata. The metadata from at least one of the fields on the social network page is compared with metadata from a corresponding field of the online dating site. A determination is made as to whether the metadata of the social network page matches the metadata of the online dating site. A certification status of the metadata is assigned to at least one of the fields on the online dating site. A certified status is assigned to the metadata when a match occurs. An uncertified status is assigned to the metadata when no match occurs.

Abstract: An approach is provided for preserving privacy for appointment scheduling. A scheduling platform receives a request to schedule an appointment among one or more users. The scheduling platform determines availability information for the one or more users from one or more respective devices, wherein the availability information is encrypted using homomorphic encryption. The scheduling platform then processes and/or facilitates a processing of the availability information using, at least in part, one or more homomorphic functions to determine one or more recommended time slots for the appointment.

Abstract: An approach is provided for preserving privacy for appointment scheduling. A scheduling platform receives a request to schedule an appointment among one or more users. The scheduling platform determines availability information for the one or more users from one or more respective devices, wherein the availability information is encrypted using homomorphic encryption. The scheduling platform then processes and/or facilitates a processing of the availability information using, at least in part, one or more homomorphic functions to determine one or more recommended time slots for the appointment.