Patents by Inventor Makan Pourzandi

Makan Pourzandi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11968295
    Abstract: Methods, a terminal and a data center gateway are provided for allowing efficient debugging and troubleshooting of data sessions encrypted with Perfect Forward Secrecy (PFS) encryption techniques such as, for example, the Transport Layer Security (TLS) protocol version 1.3. Embodiments of the invention allow the user terminal to authorize a data center gateway to persistently store one or more encryption keys associated with the data session, for use in accessing the recorded data session and troubleshooting it after the session has ended, when faults are detected. When a fault is detected, the user terminal provides authorization to the gateway to persistently store the data session along with one or more encryption key(s). With this, the gateway allows the data session to be decrypted later and faults to be investigated despite the data session being encrypted with PFS techniques.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: April 23, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Daniel Migault, Makan Pourzandi
  • Patent number: 11924231
    Abstract: A method and apparatus are disclosed for malware detection in service function chains. In one embodiment, a method includes receiving data associated with a service function chain, the service function chain comprising a plurality of virtual components organized into a plurality of hierarchical levels and the data indicating interactions between the virtual components when processing at least one packet through the service function chain; filtering the received data based at least in part on a time-between order relation of the interactions between the virtual components and the hierarchical level of the virtual component; and generating a harmony feature vector for the service function chain by applying a featurization function on the filtered data, the harmony feature vector including metrics, the metrics calculated according to the featurization function for each hierarchical level being based at least in part on metrics calculated for at least one lower hierarchical level.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: March 5, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Fereydoun Farrahi Moghaddam, Makan Pourzandi
  • Patent number: 11818100
    Abstract: Methods and systems for automatic provisioning of security policies for content streaming control within a Content Delivery Network (CDN) are provided. According to one aspect, a method for automatic provisioning of security policies for content streaming control by a network node within a CDN that supports at least one streaming media protocol comprises: obtaining a manifest, the manifest being generated in response to a user requesting a streaming content from the CDN; determining a first security policy associated with the user and/or the requested streaming content in accordance with the manifest; updating a set of firewall rules for implementing security policies in accordance with the determined first security policy; and applying the updated set of firewall rules to validate requests from the user for the streaming content. The policies are dynamically configured and may be sparsely provisioned, e.g., downloaded only to the pertinent nodes and activated only when necessary.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: November 14, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Stere Preda, Daniel Migault, Makan Pourzandi
  • Publication number: 20230273994
    Abstract: A method, system and apparatus are disclosed. According to one or more embodiments, a data node is provided. The data node includes processing circuitry configured to: receive an anomaly estimation for a first privatized dataset, the first privatized dataset being based on a dataset and a first noise profile, apply a second noise profile to the dataset to generate a second privatized dataset, the second noise profile being based at least on the anomaly estimation, and optionally cause transmission of the second privatized dataset for anomaly estimation.
    Type: Application
    Filed: July 16, 2021
    Publication date: August 31, 2023
    Inventors: Meisam MOHAMMADY, Mengyuan ZHANG, Yosr JARRAYA, Makan POURZANDI, Han WANG, Yuan Hong, Lingyu WANG, Suryadipta MAJUMDAR, Mourad DEBBABI
  • Publication number: 20230239687
    Abstract: According to some embodiments, a security management entity is provided. The security management entity includes processing circuitry configured to: generate a key having a plurality of key parts, anonymize at least a first data instance at least in part by using the key with threshold cryptography, transmit a respective key part to each one of the plurality of trusted entities, store at least one key part where the stored at least one key part is different from the transmitted respective key parts, receive a message from a first trusted entity of the plurality of trusted entities for investigating the anonymized first data instance where the message includes one of the transmitted respective key parts, and deanonymize the first data instance using the stored at least one key part and the one of the transmitted respective key parts associated with the first trusted entity.
    Type: Application
    Filed: June 25, 2020
    Publication date: July 27, 2023
    Inventors: Bernard SMEETS, Harri HAKALA, Tommy ARNGREN, Yosr JARRAYA, Makan POURZANDI
  • Publication number: 20230239219
    Abstract: A method, system and apparatus are disclosed. According to one or more embodiments, a detection node is provided in communication with a network function virtualization, NFV, system operating an NFV stack that is logically separable into a plurality of levels including a first level and a second level. The detection node includes processing circuitry configured to: translate an executed first level event sequence to at least one translated second level event sequence, and compare the at least one translated second level event sequence to an executed second level event sequence to at least in part detect inconsistencies between the at least one translated second level event sequence and the executed second level event sequence, where the executed second level event sequence and the executed first level event sequence are part of a multi-level sequence flow.
    Type: Application
    Filed: July 9, 2021
    Publication date: July 27, 2023
    Inventors: Mengyuan ZHANG, Yosr JARRAYA, Makan POURZANDI, Lingyu WANG, Mourad DEBBABI, Sudershan Lakshmanan Thirunavukkarasu
  • Patent number: 11677762
    Abstract: A method, computing device and system are disclosed for evaluating security of virtual infrastructures of tenants in a cloud environment. At least one security metric may be calculated for virtual infrastructures of a first tenant based on information associated with at least one virtual resource of the first tenant and at least one interaction of the at least one virtual resource of the first tenant with at least one virtual resource of at least one other tenant in a multi-tenant virtualized infrastructure. At least one security parameter may be evaluated for the first tenant based at least in part on at least one of the at least one calculated security metric for monitoring a security level of the first tenant relative to the at least one other tenant in the multi-tenant virtualized infrastructure.
    Type: Grant
    Filed: April 23, 2019
    Date of Patent: June 13, 2023
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Taous Madi, Mengyuan Zhang, Yosr Jarraya, Lingyu Wang, Makan Pourzandi, Mourad Debbabi
  • Patent number: 11658810
    Abstract: A method for cryptographic key management for managing access control is provided. A key is divided into a plurality of portions of the key. Pre-encryption contextual data is received for each of a plurality of devices. The pre-encryption contextual data indicates at least one attribute of a respective device of the plurality of devices before an encryption of the plurality of portions of the key is performed. The plurality of portions of the key are encrypted based at least on the pre-encryption contextual data of the plurality of devices, to make the plurality of portions of the key dependent at least on contextual data corresponding to the pre-encryption contextual data. Each of the plurality of encrypted portions of the key is distributed to a respective device of the plurality of devices for storage and retrieval.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: May 23, 2023
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Makan Pourzandi, Mats Näslund
  • Publication number: 20230022539
    Abstract: A security management system including a first TEE and a common TEE is provided. The first TEE is a secured environment for data associated with a first entity. The common TEE is a secured environment for data associated with any one of a plurality of entities. First anonymization parameters are shared between the first TEE and the common TEE. The first anonymization parameters are based at least in part on at least one privacy requirement of the first entity and at least one utility requirement of the security management system. The security management system includes processing circuitry configured to: anonymize first data associated with the first entity based at least in part on the first anonymization parameters, analyze at least the anonymized first data for performing data investigation, and generate analysis results based at least in part on the analysis of at least the anonymized first data.
    Type: Application
    Filed: January 14, 2020
    Publication date: January 26, 2023
    Inventors: Yosr JARRAYA, Makan POURZANDI, Harri HAKALA, Bernard SMEETS, Tommy ARNGREN
  • Patent number: 11509565
    Abstract: Systems and methods for verifying the validity of a network link are described herein. A verification packet and an associated packet handling flow can be generated and added to a network in order to investigate a link between network nodes (e.g. switches).
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: November 22, 2022
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Amir Alimohammadifar, Lingyu Wang, Yosr Jarraya, Makan Pourzandi, Mourad Debbabi
  • Publication number: 20220215116
    Abstract: A method, system and apparatus are disclosed. In one or more embodiments, a differential privacy, DP, node is provided. The DP node includes processing circuitry configured to: receive a query request; receive a first input corresponding to a utility parameter; receive a second input corresponding to a privacy parameter; select a baseline DP mechanism type based at least on a query request type of the query request, the first input and the second input, where the baseline DP mechanism type includes at least a noise parameter; generate a noise distribution based on the baseline DP mechanism type using a first value of the noise parameter; and determine a DP query result based on applying the noise distribution to the query request applied on a data set.
    Type: Application
    Filed: May 13, 2020
    Publication date: July 7, 2022
    Inventors: Mengyuan ZHANG, Yosr JARRAYA, Makan POURZANDI, Meisam MOHAMMADY, Shangyu XIE, Yuan HONG, Lingyu WANG, Mourad DEBBABI
  • Publication number: 20220215127
    Abstract: Systems and methods for anonymizing data are provided herein. A network node can receive privacy constraints from a data owner and utility requirements from at least one data processor. An anonymization mechanism can be selected for each data attribute in a data set, based on its specified privacy constraint and/or utility requirement, from the available anonymization mechanism(s) appropriate for its associated attribute type.
    Type: Application
    Filed: April 29, 2020
    Publication date: July 7, 2022
    Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Momen OQAILY, Yosr JARRAYA, Mengyuan ZHANG, Makan POURZANDI, Lingyu WANG, Mourad DEBBABI
  • Publication number: 20220150217
    Abstract: Systems and methods for managing firewall rules in a distributed firewall system are provided. A first subset of rules is identified to be removed from a first firewall in a first domain and to be added to a second firewall in a second domain. A second subset of rules is identified to be duplicated from the first firewall to the second firewall. Usage statistics for the rules in the identified subsets are synchronized between the first and second firewalls and the second firewall can be configured accordingly.
    Type: Application
    Filed: January 20, 2022
    Publication date: May 12, 2022
    Inventors: Alireza SHAMELI-SENDI, Yosr JARRAYA, Daniel MIGAULT, Makan POURZANDI, Mohamed CHERIET
  • Patent number: 11314884
    Abstract: A node includes processing circuitry configured to encrypt first network data including a first tenant identifier using a first cryptographic key to generate first encrypted data and anonymize the first encrypted data to generate anonymized data where the anonymizing of the first encrypted data includes segmenting the first encrypted data and the anonymizing of the first encrypted data preserving relationships among the first network data associated with the first tenant identifier, encrypt the anonymized data using a second cryptographic key to generate encrypted anonymized data, transmit the encrypted anonymized data, at least one analysis parameter, at least one security policy and instructions to analyze the encrypted anonymized data using the at least one analysis parameter, the at least one security policy and the second cryptographic key, receive analysis data resulting from the analysis of the encrypted anonymized data, and determine verification results from the received analysis data.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: April 26, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Momen Oqaily, Yosr Jarraya, Lingyu Wang, Makan Pourzandi, Mourad Debbabi
  • Patent number: 11316831
    Abstract: A node including processing circuitry configured to: generate anonymized data based at least in part on a first cryptographic key and network data, calculate a coordination vector, generate initialized data based at least in part on the anonymized data, a second cryptographic key and the coordination vector, transmit the initialized data, the random vector, a security policy and instructions to analyze n iterations of the initialized data and the security policy using the random vector and the second cryptographic key, and receive results of the analysis of the n iterations of the initialized data and the security policy using the random vector and the second cryptographic key. The analysis of an m-th iteration of the n iterations corresponds to an analysis of the initialized data with prefix preservation, where the analysis of the remaining iterations of the n iterations fails to be prefix preserved.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: April 26, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Meisam Mohammady, Yosr Jarraya, Lingyu Wang, Mourad Debbabi, Makan Pourzandi
  • Publication number: 20220038477
    Abstract: A method and apparatus are disclosed for malware detection in service function chains. In one embodiment, a method includes receiving data associated with a service function chain, the service function chain comprising a plurality of virtual components organized into a plurality of hierarchical levels and the data indicating interactions between the virtual components when processing at least one packet through the service function chain; filtering the received data based at least in part on a time-between order relation of the interactions between the virtual components and the hierarchical level of the virtual component; and generating a harmony feature vector for the service function chain by applying a featurization function on the filtered data, the harmony feature vector including metrics, the metrics calculated according to the featurization function for each hierarchical level being based at least in part on metrics calculated for at least one lower hierarchical level.
    Type: Application
    Filed: September 11, 2019
    Publication date: February 3, 2022
    Inventors: Fereydoun FARRAHI MOGHADDAM, Makan POURZANDI
  • Patent number: 11240264
    Abstract: Systems and methods are provided for mitigating security attacks by enabling collaboration between security service functions. A Service Function Chaining (SFC) node receives a packet and determines whether to apply a service function to the packet. Responsive to determining that the packet has been treated by the service function, the packet can be reclassified and switched to a different SFC path.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: February 1, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Daniel Migault, Makan Pourzandi, Bruno Medeiros de Barros, Tereza Cristina Carvalho, Thiago Rodrigues Meira de Almeida
  • Publication number: 20210321259
    Abstract: Systems and methods for detecting abnormal User Equipment (UE) behavior in a cellular communications system are disclosed. In some embodiments, a method of operation of a first Network Anomaly Detection (NAD) function associated with a first Radio Access Network (RAN) in a cellular communications system comprises, during a period of time, obtaining information regarding UEs served by the first RAN, detecting that a particular UE has moved from the first RAN to a second RAN, and sending at least some of the information regarding the particular UE to a second NAD function associated with the second RAN. The method further comprises producing a trained partial model of UE behavior for the first RAN, sending corresponding information to the second NAD function, receiving information regarding a trained partial model of UE behavior for the second RAN, generating a trained global model, and performing a prediction of abnormal UE behavior based thereon.
    Type: Application
    Filed: September 7, 2018
    Publication date: October 14, 2021
    Inventors: Habib Louafi, Makan Pourzandi
  • Publication number: 20210288942
    Abstract: Methods and systems for automatic provisioning of security policies for content streaming control within a Content Delivery Network (CDN) are provided. According to one aspect, a method for automatic provisioning of security policies for content streaming control by a network node within a CDN that supports at least one streaming media protocol comprises: obtaining a manifest, the manifest being generated in response to a user requesting a streaming content from the CDN; determining a first security policy associated with the user and/or the requested streaming content in accordance with the manifest; updating a set of firewall rules for implementing security policies in accordance with the determined first security policy; and applying the updated set of firewall rules to validate requests from the user for the streaming content. The policies are dynamically configured and may be sparsely provisioned, e.g., downloaded only to the pertinent nodes and activated only when necessary.
    Type: Application
    Filed: December 4, 2017
    Publication date: September 16, 2021
    Inventors: Stere Preda, Daniel Migault, Makan Pourzandi
  • Publication number: 20210194677
    Abstract: A method for cryptographic key management for managing access control is provided. A key is divided into a plurality of portions of the key. Pre-encryption contextual data is received for each of a plurality of devices. The pre-encryption contextual data indicates at least one attribute of a respective device of the plurality of devices before an encryption of the plurality of portions of the key is performed. The plurality of portions of the key are encrypted based at least on the pre-encryption contextual data of the plurality of devices, to make the plurality of portions of the key dependent at least on contextual data corresponding to the pre-encryption contextual data. Each of the plurality of encrypted portions of the key is distributed to a respective device of the plurality of devices for storage and retrieval.
    Type: Application
    Filed: March 23, 2016
    Publication date: June 24, 2021
    Inventors: Makan POURZANDI, Mats NÄSLUND