Cryptology ePrint Archive: Report 2021/789

P2DPI: Practical and Privacy-Preserving Deep Packet Inspection

Jongkil Kim and Seyit Camtepe and Joonsang Baek and Willy Susilo and Josef Pieprzyk and Surya Nepal

Abstract: The amount of encrypted Internet traffic almost doubles every year thanks to the wide adoption of end-to-end traffic encryption solutions such as IPSec, TLS and SSH. Despite all the benefits of user privacy the end-to-end encryption provides, the encrypted internet traffic blinds intrusion detection system (IDS) and makes detecting malicious traffic hugely difficult. The resulting conflict between the user's privacy and security has demanded solutions for deep packet inspection (DPI) over encrypted traffic. The approach of those solutions proposed to date is still restricted in that they require intensive computations during connection setup or detection. For example, BlindBox, introduced by Sherry et al. (SIGCOMM 2015) enables inspection over the TLS-encrypted traffic without compromising users' privacy, but its usage is limited due to a significant delay on establishing an inspected channel. PrivDPI, proposed more recently by Ning et al. (ACM CCS 2019), improves the overall efficiency of BlindBox and makes the inspection scenario more viable. Despite the improvement, we show in this paper that the user privacy of Ning et al.'s PrivDPI can be compromised entirely by the rule generator without involving any other parties, including the middlebox. Having observed the difficulties of realizing efficiency and security in the previous work, we propose a new DPI system for encrypted traffic, named ``Practical and Privacy-Preserving Deep Packet Inspection (P2DPI)''. P2DPI enjoys the same level of security and privacy that BlindBox provides. At the same time, P2DPI offers fast setup and encryption and outperforms PrivDPI. Our results are supported by formal security analysis. We implemented our P2DPI and comparable PrivDPI and performed extensive experimentation for performance analysis and comparison.

Category / Keywords: applications / Deep Packet Inspection; Searchable Encryption; Intrusion Detection System; Exfiltration System

Original Publication (with minor differences): ACM ASIC CCS 2021
DOI:
10.1145/3433210.3437525

Date: received 10 Jun 2021

Contact author: jongkil at uow edu au

Available format(s): PDF | BibTeX Citation

Note: This paper contains a minor change in the paper and updated implementation results according to the change.

Version: 20210614:134342 (All versions of this report)

Short URL: ia.cr/2021/789


[ Cryptology ePrint archive ]