Paper 2015/264

BlindBox: Deep Packet Inspection over Encrypted Traffic

Justine Sherry, Chang Lan, Raluca Ada Popa, and Sylvia Ratnasamy

Abstract

Many network middleboxes perform {\it deep packet inspection} (DPI), a set of useful tasks which examine packet payloads. These tasks include intrusion detection (IDS), exfiltration detection, and parental filtering. However, a long-standing issue is that once packets are sent over HTTPS, middleboxes can no longer accomplish their tasks because the payloads are encrypted. Hence, one is faced with the choice of only one of two desirable properties: the functionality of middleboxes and the privacy of encryption. We propose BlindBox, the first system that simultaneously provides {\em both} of these properties. The approach of BlindBox is to perform the deep-packet inspection {\em directly on the encrypted traffic}. BlindBox realizes this approach through a new protocol and new encryption schemes. We demonstrate that BlindBox enables applications such as IDS, exfiltration detection and parental filtering, and supports real rulesets from both open-source and industrial DPI systems. We implemented BlindBox and showed that it is practical for settings with long-lived HTTPS connections. Moreover, its core encryption scheme is 3-6 orders of magnitude faster than existing relevant cryptographic schemes.

Note: Additional experiment and text.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Major revision. ACM SIGCOMM
Keywords
implementationcrypto systemspackets
Contact author(s)
justine @ eecs berkeley edu
History
2016-04-11: last of 3 revisions
2015-03-23: received
See all versions
Short URL
https://ia.cr/2015/264
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/264,
      author = {Justine Sherry and Chang Lan and Raluca Ada Popa and Sylvia Ratnasamy},
      title = {BlindBox: Deep Packet Inspection over Encrypted Traffic},
      howpublished = {Cryptology ePrint Archive, Paper 2015/264},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/264}},
      url = {https://eprint.iacr.org/2015/264}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.