You are looking at a specific version 20200107:094111 of this paper.

Paper 2020/020

Towards Practical Encrypted Network Traffic Pattern Matching for Secure Middleboxes

Shangqi Lai and Xingliang Yuan and Shi-Feng Sun and Joseph K. Liu and Ron Steinfeld and Amin Sakzad and Dongxi Liu

Abstract

Network Function Virtualisation (NFV) advances the development of composable software middleboxes. Accordingly, cloud data centres become major NFV vendors for enterprise traffic processing. Due to privacy concerns about redirecting traffic to the cloud, secure middlebox systems (e.g., BlindBox) draw much attention; they can process encrypted packets against encrypted rules directly. However, most existing systems that support pattern-matching-based network functions require tokenisation of packet payloads via sliding windows at the enterprise gateway. Such tokenisation introduces a considerable communication overhead, which can be over 100× the packet size. To overcome this bottleneck, we propose the first bandwidth-efficient encrypted pattern matching protocols for secure middleboxes. We start from a primitive called symmetric hidden vector encryption (SHVE) and propose a variant of it, SHVE+, to enable encrypted pattern matching with constant, moderate communication overhead. To speed up matching, we devise encrypted filters that further reduce the number of accesses to SHVE+. We formalise the security of our proposed protocols, implement a prototype, and conduct comprehensive evaluations over real-world rulesets and traffic dumps. The results show that our design can inspect a packet over 20k rules within 100 $\mu$s. Compared to prior work, it brings a saving of 94% in bandwidth consumption.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
Privacy-Preserving, Middlebox, Pattern Matching
Contact author(s)
shangqi lai @ monash edu
History
2021-04-17: last of 2 revisions
2020-01-07: received
Short URL
https://ia.cr/2020/020
License
Creative Commons Attribution
CC BY