Paper 2021/789

P2DPI: Practical and Privacy-Preserving Deep Packet Inspection

Jongkil Kim, Seyit Camtepe, Joonsang Baek, Willy Susilo, Josef Pieprzyk, and Surya Nepal

Abstract

The amount of encrypted Internet traffic almost doubles every year thanks to the wide adoption of end-to-end traffic encryption solutions such as IPSec, TLS and SSH. Despite all the benefits of user privacy the end-to-end encryption provides, the encrypted internet traffic blinds intrusion detection system (IDS) and makes detecting malicious traffic hugely difficult. The resulting conflict between the user's privacy and security has demanded solutions for deep packet inspection (DPI) over encrypted traffic. The approach of those solutions proposed to date is still restricted in that they require intensive computations during connection setup or detection. For example, BlindBox, introduced by Sherry et al. (SIGCOMM 2015) enables inspection over the TLS-encrypted traffic without compromising users' privacy, but its usage is limited due to a significant delay on establishing an inspected channel. PrivDPI, proposed more recently by Ning et al. (ACM CCS 2019), improves the overall efficiency of BlindBox and makes the inspection scenario more viable.Despite the improvement, we show in this paper that the user privacy of Ning et al.'s PrivDPI can be compromised entirely by the rule generator without involving any other parties, including the middlebox. Having observed the difficulties of realizing efficiency and security in the previous work, we propose a new DPI system for encrypted traffic, named ``Practical and Privacy-Preserving Deep Packet Inspection (P2DPI)''. P2DPI enjoys the same level of security and privacy that BlindBox provides. At the same time, P2DPI offers fast setup and encryption and outperforms PrivDPI. Our results are supported by formal security analysis. We implemented our P2DPI and comparable PrivDPI and performed extensive experimentation for performance analysis and comparison.

Note: This paper contains a minor change in the paper and updated implementation results according to the change.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision. ACM ASIC CCS 2021
DOI
10.1145/3433210.3437525
Keywords
Deep Packet InspectionSearchable EncryptionIntrusion Detection SystemExfiltration System
Contact author(s)
jongkil @ uow edu au
History
2021-06-14: received
Short URL
https://ia.cr/2021/789
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/789,
      author = {Jongkil Kim and Seyit Camtepe and Joonsang Baek and Willy Susilo and Josef Pieprzyk and Surya Nepal},
      title = {P2DPI: Practical and Privacy-Preserving Deep Packet Inspection},
      howpublished = {Cryptology ePrint Archive, Paper 2021/789},
      year = {2021},
      doi = {10.1145/3433210.3437525},
      note = {\url{https://eprint.iacr.org/2021/789}},
      url = {https://eprint.iacr.org/2021/789}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.