Paper 2015/264
BlindBox: Deep Packet Inspection over Encrypted Traffic
Justine Sherry, Chang Lan, Raluca Ada Popa, and Sylvia Ratnasamy
Abstract
Many network middleboxes perform {\it deep packet inspection} (DPI), a set of useful tasks which examine packet payloads. These tasks include intrusion detection (IDS), exfiltration detection, and parental filtering. However, a long-standing issue is that once packets are sent over HTTPS, middleboxes can no longer accomplish their tasks because the payloads are encrypted. Hence, one is faced with the choice of only one of two desirable properties: the functionality of middleboxes and the privacy of encryption. We propose BlindBox, the first system that simultaneously provides {\em both} of these properties. The approach of BlindBox is to perform the deep-packet inspection {\em directly on the encrypted traffic}. BlindBox realizes this approach through a new protocol and new encryption schemes. We demonstrate that BlindBox enables applications such as IDS, exfiltration detection and parental filtering, and supports real rulesets from both open-source and industrial DPI systems. We implemented BlindBox and showed that it is practical for settings with long-lived HTTPS connections. Moreover, its core encryption scheme is 3-6 orders of magnitude faster than existing relevant cryptographic schemes.
Note: Additional experiment and text.
Metadata
- Available format(s)
-
PDF
- Publication info
- Published elsewhere. Major revision. ACM SIGCOMM
- Keywords
- implementationcrypto systemspackets
- Contact author(s)
- justine @ eecs berkeley edu
- History
- 2016-04-11: last of 3 revisions
- 2015-03-23: received
- See all versions
- Short URL
- https://ia.cr/2015/264
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/264,
author = {Justine Sherry and Chang Lan and Raluca Ada Popa and Sylvia Ratnasamy},
title = {{BlindBox}: Deep Packet Inspection over Encrypted Traffic},
howpublished = {Cryptology {ePrint} Archive, Paper 2015/264},
year = {2015},
url = {https://eprint.iacr.org/2015/264}
}
